ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
690
Views
0
Helpful
7
Replies
Highlighted
Beginner

Stealthwatch Backups

Hi All,

 

I'm looking at configuring the database backup for Stealthwatch. I have managed to configure and establish a connection to an SMB share, however, when I click on 'Create Backup' Stealthwatch immediately backs up and there doesn't seem to be an option to set a schedule. I've tried looking for the backup configuration in the user guides but its very limited.

 

How can a scheduled backup be configured?

 

 

7 REPLIES 7
Highlighted
Cisco Employee

Re: Stealthwatch Backups

Sorry, only manual backup is possible.

Highlighted
Beginner

Re: Stealthwatch Backups

Thank you for the response.

 

If thats the case, do we need to manually backup the database only on the SMC or do we need to do this for the other devices as well such as on the FCs?

Highlighted
Cisco Employee

Re: Stealthwatch Backups

In backup scenario, the most important is FlowData and next one is host group configuration in Stealthwatch products. FlowData is stored in FC and host group configuration are in FC. So both are important for normal environment. FlowData can’t restored once it broken without back up. Host group configuration needs many time to recover without backup. Of course SMC back up is also important.

Highlighted
Engager

Re: Stealthwatch Backups


@kyoshiik wrote:

. Of course SMC back up is also important.


Maybe we don't think Stealthwatch believes this is so because they don't treat it as important.

We should be able to schedule it

We should be able to send it to a box that has SMB1 OFF... 

 

Highlighted
Cisco Employee

Re: Stealthwatch Backups

I’ll check scheduled back up option in future update and let you know.

Highlighted
Cisco Employee

Re: Stealthwatch Backups

I checked roadmap and there is no plan for this now. I’ll add feature request.

Highlighted
Cisco Employee

Re: Stealthwatch Backups

If you are interested in another scenario of FlowData backup, please check below thread. Stealthwatch has an API to export FlowData from FC to 3rd party products such as SIEM.

 

https://community.cisco.com/t5/security-analytics/forwarding-ipfix-flows-from-flow-sensor-to-third-party-device/td-p/4015905