Backup and recovery

IBM® QRadar® on Cloud regularly backs up and syncs your data to Cloud Object Storage (COS) for full disaster recovery.

The COS is located in an alternate site in the same region as your QRadar on Cloud deployment.

QRadar on Cloud creates an hourly backup of your data. The data is synced to COS and retained per the entitlement period.

QRadar on Cloud creates a nightly backup archive of your configuration information and retains it on the console for one week. The backup archive is synced to COS nightly and retained per the entitlement period.

QRadar on Cloud provides two types of backups: configuration backups and data backups.

Configuration backups include the following components:
  • Application configuration
  • Assets
  • Custom logos
  • Custom rules
  • Device Support Modules (DSMs)
  • Event categories
  • Flow sources
  • Flow and event searches
  • Groups
  • Index management information
  • License key information
  • Log sources
  • Offenses
  • Reference set elements
  • Store and Forward schedules
  • User and user roles information
  • Vulnerability data (if IBM QRadar Vulnerability Manager is installed)
Data backups include the following information:
  • Audit log information
  • Event data
  • Flow data
  • Report data
  • Application data