POST /backup_and_restore/restores

Creates a restore object in the PENDING state.

Note: Only a single restore record can be created at a time and all other existing restores must be in a completed state. A completed restore has the status of SUCCESS or FAILED.

Table 1. POST /backup_and_restore/restores resource details
MIME Type

application/json

Table 2. POST /backup_and_restore/restores request parameter details
Parameter Type Optionality Data Type MIME Type Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. POST /backup_and_restore/restores request body details
Parameter Data Type MIME Type Description Sample

restore

Object

application/json

Required. A single restore object has the following modifiable fields:
  • groups - Required - Array of Enumeration - The set of groups that are included with the restore. These groups contain a subset of the following values: CUSTOM_RULES_CONFIG, DEPLOYMENT_CONFIG, USERS_CONFIG, LICENSE_CONFIG, QVM_CONFIG, INSTALLED_APPS_CONFIG, REPORT_TEMPLATES, ASSETS_DATA, OFFENSES_DATA.
  • backup_id - Required - Long - The ID of the backup to restore.
Any other set fields will be ignored.

{ "backup_id": 42, "groups": [ "CUSTOM_RULES_CONFIG", "DEPLOYMENT_CONFIG", "USERS_CONFIG", "LICENSE_CONFIG", "QVM_CONFIG", "INSTALLED_APPS_CONFIG", "ASSETS_DATA", "OFFENSES_DATA" ] }

Table 4. POST /backup_and_restore/restores response codes
HTTP Response Code Unique Code Description

201

The restore was created.

409

1011

A restore is currently pending or in progress. Only a single restore record can be created at a time and all other existing restores must be in a completed state. A completed restore has the status of SUCCESS or FAILED.

422

1002

The 'backup_id' parameter value cannot be null or empty.

422

1003

The backup does not exist.

422

1004

The backup type must be config.

422

1005

The backup status must be successful.

422

1006

The backup must be valid.

422

1007

The backup must be compatible.

422

1008

The 'groups' parameter value cannot be null or empty.

422

1009

The DEPLOYMENT_CONFIG group must be included with the INSTALLED_APPS_CONFIG group.

422

1010

A group was provided that does not exist.

500

1000

An error occurred during the attempt to create the restore.

Response Description

The created restore object containing the following fields:
  • id - Long - The ID of the restore.
  • initiated_by - String - The user or authorized service that initiated the restore.
  • host_id - Long - The host that was restored. For more information, see the following Hosts API:
    • api/config/deployment/hosts
  • time_initiated - Long - The number of milliseconds since epoch when the restore was started.
  • time_completed - Long - The number of milliseconds since epoch when the restore completed.
  • status - Enumeration - The status of the restore. The following values are available: PENDING, REQUESTING, INITIALIZING, IN_PROGRESS, FAILED, SUCCESS.
    • PENDING: This is the initial state of the restore once it is created. From this state the restore can be updated to the REQUESTING state.
    • REQUESTING: After the status is set to REQUESTING, a restore request is sent to the Backup and Restore Engine to initialize it as a new restore.
    • INITIALIZING: After the restore request is received by the Backup and Restore Engine it will update the status to INITIALIZING.
    • IN_PROGRESS: After the restore process begins the status will be updated to IN_PROGRESS.
    • FAILED: If the restore has completed with errors the status will be updated to FAILED.
    • SUCCESS: If the restore has completed without errors the status will be updated to SUCCESS.
  • is_cross_deployment_restore - Boolean - If the associated backup is being restored on a different Console with a set of new managed hosts, the condition is set to 'true'; otherwise, the condition is set to 'false'.
  • backup_id - Long - The ID of the backup associated with the restore. Once the restore completes this value will be updated to null.
  • backup_name - String - The name of the backup that was restored.
  • backup_version - String - The QRadar version that corresponds to the backup that was restored.
  • backup_type - Enumeration - The backup type that was restored. This value will always be CONFIG.
  • backup_filename - String - The filename of the backup that was restored.
  • groups - Array of Enumeration - The set of groups that are included with the restore. These groups contain a subset of the following values: CUSTOM_RULES_CONFIG, DEPLOYMENT_CONFIG, USERS_CONFIG, LICENSE_CONFIG, QVM_CONFIG, INSTALLED_APPS_CONFIG, REPORT_TEMPLATES, ASSETS_DATA, OFFENSES_DATA.
    • CUSTOM_RULES_CONFIG: Restores custom rules, reference sets, reference data, and saved searches. If you have rules that depend on items other than reference data and saved searches, you need to use DEPLOYMENT_CONFIG in addition to CUSTOM_RULES_CONFIG for rules to be fully functional.
    • DEPLOYMENT_CONFIG: Restores the deployment model and administrator controlled settings and content. This group includes, but is not limited to the following content: domains, log sources, flow sources, system settings, and forwarding rules.
    • USERS_CONFIG: Restores users, authorized services, user roles, security profiles, and dashboards.
    • LICENSE_CONFIG: NEEDS DESCRIPTION
    • QVM_CONFIG: NEEDS DESCRIPTION
    • INSTALLED_APPS_CONFIG: Restores installed applications.
    • REPORT_TEMPLATES: Restores report templates.
    • ASSETS_DATA: Restores the asset model.
    • OFFENSES_DATA: Restores offenses. All offenses will be restored as closed.

Response Sample


{
    "backup_filename": "String",
    "backup_id": 42,
    "backup_name": "String",
    "backup_type": "String",
    "backup_version": "String",
    "groups": [
        "String"
    ],
    "host_id": 42,
    "id": 42,
    "initiated_by": "String",
    "is_cross_deployment_restore": true,
    "status": "String",
    "time_completed": 42,
    "time_initiated": 42
}