6 Replies Latest reply on Sep 4, 2017 4:28 AM by kmc

    SIEM Backup

    davidp64

      Hi frnds,

       

      Can anyone have some idea on backup process.what is the difference between them.what data are covered in backup and full backup..

       

       

       

      Please share your suggestions.

        • 1. Re: SIEM Backup
          sssyyy

          Backup Now > ESM Configurations and Settings only, no Data

          Full Backup Now > Everything

          • 2. Re: SIEM Backup
            davidp64

            is custom watch list, custom alarms,custom correlation rule,data sources is covered in backup now process..

            • 3. Re: SIEM Backup
              sssyyy

              I doubt watchlists, alarms and correlation rules are part of the config backup. That's because McAfee recommend to back those up before the upgrade to 10.x in their release note.

               

              Data sources maybe, but I haven't checked. As a precaution, you should periodically export data source settings, in case ERC experiences hardware issue and require re-image or RMA.

              • 4. Re: SIEM Backup
                kmc

                A standard backup saves all configuration settings, including those for policy, as well as SSH, Network, and SNMP files where as full backup includes device settings (above specified) and the system data.

                 

                one thing you need keep in mind that once you initiate full backup SIEM will go offline and it's available only after the completion of the full backup

                • 5. Re: SIEM Backup
                  davidp64

                  Kmc, Thanks for providing information, but my ask still not full fill that as there is two options for backup 1. Backup Now 2. Full backup now.

                   

                  So i need to clear it out what thing are covered in 1.Backup Now option as i know that in full backup it will take a back of all.

                   

                  Please help me to understand this.

                  • 6. Re: SIEM Backup
                    kmc

                    Hi davidp64

                    Normal backup will Backup ESM settings(specified above) and events(if only selected), flows (if only selected), and logs (if only selected)

                    To be clear:Collects all users, reports, dashboards, Receiver data sources, templates, alarms, filters, watchlists, and user created content.

                     

                    Where as Full Backup will backup: ESM settings, Events Data, flow Data, Event Log data and settings of the ESM, ERC, DEM, ADM, and ACE devices if configured.

                     

                    Reference: McAfee Corporate KB - When to use a Full System backup, a Settings Only backup, and an Incremental backup with Enterpris…

                    Note: If you are doing full backup you should store it in remote.