Restoring a backup archive

You can restore a backup archive. Restoring a backup archive is useful if you have a system hardware failure or you want to restore a backup archive on a replacement appliance.

About this task

You can restart the Console only after the restore process is complete.

The restore process can take up to several hours; the process time depends on the size of the backup archive that must be restored. When complete, a confirmation message is displayed.

A window provides the status of the restore process. This window provides any errors for each host and instructions for resolving the errors.

The following parameters are available in the Restore a Backup window:

Table 1. Restore a Backup parameters
Parameter	Description
Name	The name of the backup archive.
Description	The description, if any, of the backup archive.
Type	The type of backup. Only configuration backups can be restored, therefore, this parameter displays config.
Select All Configuration Items	When selected, this option indicates that all configuration items are included in the restoration of the backup archive.
Restore Configuration	Lists the configuration items to include in the restoration of the backup archive. To remove items, you can clear the check boxes for each item you want to remove or clear the Select All Configuration Items check box.
Select All Data Items	When selected, this option indicates that all data items are included in the restoration of the backup archive.
Restore Data	Lists the configuration items to include in the restoration of the backup archive. All items are cleared by default. To restore data items, you can select the check boxes for each item you want to restore.

Procedure

On the navigation menu ( ), click Admin.
In the System Configuration section, click Backup and Recovery.
Select the archive that you want to restore.
Click Restore.

On the Restore a Backup window, configure the parameters.

Select the Custom Rules Configuration check box to restore the rules and reference data that is used by apps. Select the Users Configuration check box to restore authorized tokens that are used by apps.

The following table lists the restore configurations and what is included in each:

Note: The content included in each configuration is not limited to the content that is listed.

Restore Configuration	Content Included
Custom Rules Configuration	Rules Reference Sets Reference Data Saved Searches Forwarding Destinations Routing Rules Custom Properties Historical Searches Historical Rules Retention Bucket Configuration
Deployment Configuration	All content. If you select this option, it is recommended that you select all other configuration options.
Users Configuration	Users User Roles Security Profiles Authorized Services Dashboards User Settings User Quick Searches
License	License keys License Pool Allocations License history
Report Templates	Report templates This does not include generated report content.
System Settings	System Settings Asset Profiler Configuration
QVM Scan profiles and results	QVM Scan profiles and results Important: The IBM® QRadar® Vulnerability Manager scanner is end of life (EOL) in 7.5.0 Update Package 6, and is no longer supported in any version of IBM QRadar. For more information, see QRadar Vulnerability Manager: End of service product notification (https://www.ibm.com/support/pages/node/6853425).
Installed Applications Configuration	App configurations This does not include app data. Apps depending on authorized services might not work as expected if Users Configuration is not selected. When Installed Applications Configuration is selected, the Deployment Configuration group is auto-selected.
Assets	Asset model When Assets is selected, the Deployment Configuration group is auto-selected.
Offenses	Offense data Offense associations (for example, QID links, rule links, or asset links) Offense searches When Offenses is selected, the Deployment Configuration group is auto-selected. Important: When you restore to another system where only partial options are restored and rules are restored but related offenses are not. For example, when you restore deployment configuration without offenses. When you are restoring to a new or rebuilt system and if you had rules that created offenses that were indexed on custom properties of the system that the backup was created on, restore the offenses so that the offense types (offense indexed fields) are restored correctly. If this is not done, you need to edit any rules that create offenses indexed on custom properties and re-link them to the correct property again. The following default normalized fields are not affected by this. Source IP Destination IP QID Username Source MAC Destination MAC Device Hostname Source port Destination port Source IPV6 Destination IPV6 Source ASN Destination ASN Rule Application ID Source identity Destination identity Search result

Click Restore.
Click OK.
Click OK.
Choose one of the following options:
- If the user interface was closed during the restore process, open a web browser and log in to IBM QRadar.
- If the user interface was not closed, the login window is displayed. Log in to QRadar.
Follow the instructions on the status window.

What to do next

After you verify that your data is restored to your system, ensure that your DSMs, vulnerability assessment (VA) scanners, and log source protocols are also restored.

If the backup archive originated on an HA cluster, you must click Deploy Changes to restore the HA cluster configuration after the restore is complete. If disk replication is enabled, the secondary host immediately synchronizes data after the system is restored. If the secondary host was removed from the deployment after a backup, the secondary host displays a failed status on the System and License Management window.