Restore Group Configuration details

The following table lists the restore configurations and the items that are included in each category.

Note: The content included in each configuration is not limited to the content that is listed.
Table 1. Restore Group Configuration details
Restore Configuration Content included
Custom Rules Configuration
  • Rules
  • Reference Sets
  • Reference Data
  • Saved Searches
  • Forwarding Destinations
  • Routing Rules
  • Custom Properties
  • Historical Searches
  • Historical Rules
  • Retention Bucket Configuration
Deployment Configuration
  • All Content
Note: If you select this option, it is recommended that you select all other configuration options.
Users Configuration
  • Users
  • User Roles
  • Security Profiles
  • Authorized Services
  • Dashboards
  • User Settings
  • User Quick Searches
Report Templates
  • Report templates
Note: Report Templates does not include generated report content.
System Settings
  • System Settings
  • Asset Profiler Configuration
Assets
  • Asset model
Note: When Assets is selected, the Deployment Configuration group is automatically selected.
Offenses
  • Offense data
  • Offense associations (for example, QID links, rule links, or asset links)
  • Offense searches
When Offenses is selected, the Deployment Configuration group is automatically selected.
Important: When you restore to another system where only partial options are restored and rules are restored but related offenses are not. For example, when you restore deployment configuration without offenses.

If restoring to a new or rebuilt system and if you had rules that created offenses that were indexed on custom properties of the system that the backup was created on, restore the offenses so that the offense types (offense-indexed fields) are restored correctly.

If this is not done, you need to edit any rules that create offenses indexed on custom properties and relink them to the correct property again.

The following default normalized fields are not affected.

  • Source IP
  • Destination IP
  • QID
  • Username
  • Source MAC
  • Destination MAC
  • Device
  • Hostname
  • Source port
  • Destination port
  • Source IPV6
  • Destination IPV6
  • Source ASN
  • Destination ASN
  • Rule
  • Application ID
  • Source identity
  • Destination identity
  • Search result
Installed Applications Configuration
    • App configurations
    Installed Applications Configuration does not include app data.
Important: Data Synchronization App v3.2.2 or later, when used with QRadar® UP13 or later, supports application restore functionality in a console-only setup. The items listed under the Installed Applications Configuration group is restored when using Data Synchronization App v3.2.2 or later with QRadar UP13 or later in a console-only environment. This happens only if the app-restore toggle is enabled during the Data Synchronization App setup.