cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
167
Views
0
Helpful
4
Replies
Highlighted
Beginner

Stealthwatch Backups

Hi All,

 

I'm looking at configuring the database backup for Stealthwatch. I have managed to configure and establish a connection to an SMB share, however, when I click on 'Create Backup' Stealthwatch immediately backs up and there doesn't seem to be an option to set a schedule. I've tried looking for the backup configuration in the user guides but its very limited.

 

How can a scheduled backup be configured?

 

 

4 REPLIES 4
Highlighted
Cisco Employee

Re: Stealthwatch Backups

Sorry, only manual backup is possible.

Highlighted
Beginner

Re: Stealthwatch Backups

Thank you for the response.

 

If thats the case, do we need to manually backup the database only on the SMC or do we need to do this for the other devices as well such as on the FCs?

Highlighted
Cisco Employee

Re: Stealthwatch Backups

In backup scenario, the most important is FlowData and next one is host group configuration in Stealthwatch products. FlowData is stored in FC and host group configuration are in FC. So both are important for normal environment. FlowData can’t restored once it broken without back up. Host group configuration needs many time to recover without backup. Of course SMC back up is also important.

Cisco Employee

Re: Stealthwatch Backups

If you are interested in another scenario of FlowData backup, please check below thread. Stealthwatch has an API to export FlowData from FC to 3rd party products such as SIEM.

 

https://community.cisco.com/t5/security-analytics/forwarding-ipfix-flows-from-flow-sensor-to-third-party-device/td-p/4015905