POST /backup_and_restore/restores

Creates a restore object in the PENDING state.

Only a single restore record can be created at a time and all other existing restores must be in a completed state. A completed restore has the status of SUCCESS or FAILED.

Table 1. POST /backup_and_restore/restores resource details
MIME Type
application/json

Table 2. POST /backup_and_restore/restores request parameter details
Parameter	Type	Optionality	Data Type	MIME Type	Description
fields	header	Optional	String	text/plain	Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. POST /backup_and_restore/restores request body details
Parameter	Data Type	MIME Type	Description	Sample
restore	Object	application/json	Required. A single restore object has the following modifiable fields: groups - Required - Array of Enumeration - The set of groups that are included with the restore. These groups contain a subset of the following values: CUSTOM_RULES_CONFIG, DEPLOYMENT_CONFIG, USERS_CONFIG, LICENSE_CONFIG, QVM_CONFIG, INSTALLED_APPS_CONFIG, REPORT_TEMPLATES, ASSETS_DATA, OFFENSES_DATA. backup_id - Required - Long - The ID of the backup to restore. Any other set fields will be ignored.	{ "backup_id": 42, "groups": [ "CUSTOM_RULES_CONFIG", "DEPLOYMENT_CONFIG", "USERS_CONFIG", "LICENSE_CONFIG", "QVM_CONFIG", "INSTALLED_APPS_CONFIG", "ASSETS_DATA", "OFFENSES_DATA" ] }

Table 4. POST /backup_and_restore/restores response codes
HTTP Response Code	Unique Code	Description
201		The restore was created.
409	1011	A restore is currently pending or in progress. Only a single restore record can be created at a time and all other existing restores must be in a completed state. A completed restore has the status of SUCCESS or FAILED.
422	1002	The 'backup_id' parameter value cannot be null or empty.
422	1003	The backup does not exist.
422	1004	The backup type must be config.
422	1005	The backup status must be successful.
422	1006	The backup must be valid.
422	1007	The backup must be compatible.
422	1008	The 'groups' parameter value cannot be null or empty.
422	1009	The DEPLOYMENT_CONFIG group must be included with the INSTALLED_APPS_CONFIG group.
422	1010	A group was provided that does not exist.
422	1019	"The ASSETS_DATA and USERS_CONFIG groups must be included with DOMAINS group."
500	1000	An error occurred during the attempt to create the restore.

Response Description

The created restore object containing the following fields:

id - Long - The ID of the restore.
initiated_by - String - The user or authorized service that initiated the restore.
host_id - Long - The host that was restored. For more information, see the following Hosts API:
- api/config/deployment/hosts
time_initiated - Long - The number of milliseconds since epoch when the restore was started.
time_completed - Long - The number of milliseconds since epoch when the restore completed.
status - Enumeration - The status of the restore. The following values are available: PENDING, REQUESTING, INITIALIZING, IN_PROGRESS, FAILED, SUCCESS.
- PENDING: This is the initial state of the restore once it is created. From this state the restore can be updated to the REQUESTING state.
- REQUESTING: After the status is set to REQUESTING, a restore request is sent to the Backup and Restore Engine to initialize it as a new restore.
- INITIALIZING: After the restore request is received by the Backup and Restore Engine it will update the status to INITIALIZING.
- IN_PROGRESS: After the restore process begins the status will be updated to IN_PROGRESS.
- FAILED: If the restore has completed with errors the status will be updated to FAILED.
- SUCCESS: If the restore has completed without errors the status will be updated to SUCCESS.
is_cross_deployment_restore - Boolean - If the associated backup is being restored on a different Console with a set of new managed hosts, the condition is set to 'true'; otherwise, the condition is set to 'false'.
backup_id - Long - The ID of the backup associated with the restore. Once the restore completes this value will be updated to null.
backup_name - String - The name of the backup that was restored.
backup_version - String - The QRadar version that corresponds to the backup that was restored.
backup_type - Enumeration - The backup type that was restored. This value will always be CONFIG.
backup_filename - String - The filename of the backup that was restored.
groups - Array of Enumeration - The set of groups that are included with the restore. These groups contain a subset of the following values: CUSTOM_RULES_CONFIG, DEPLOYMENT_CONFIG, USERS_CONFIG, LICENSE_CONFIG, QVM_CONFIG, INSTALLED_APPS_CONFIG, REPORT_TEMPLATES, ASSETS_DATA, OFFENSES_DATA.
- CUSTOM_RULES_CONFIG: Restores custom rules, reference sets, reference data, and saved searches. If you have rules that depend on items other than reference data and saved searches, you need to use DEPLOYMENT_CONFIG in addition to CUSTOM_RULES_CONFIG for rules to be fully functional.
- DEPLOYMENT_CONFIG: Restores the deployment model and administrator controlled settings and content. This group includes, but is not limited to the following content: domains, log sources, flow sources, system settings, and forwarding rules.
- USERS_CONFIG: Restores users, authorized services, user roles, security profiles, and dashboards.
- LICENSE_CONFIG: NEEDS DESCRIPTION
- QVM_CONFIG: NEEDS DESCRIPTION
- INSTALLED_APPS_CONFIG: Restores installed applications.
- REPORT_TEMPLATES: Restores report templates.
- ASSETS_DATA: Restores the asset model.
- OFFENSES_DATA: Restores offenses. All offenses will be restored as closed.

Response Sample


{
    "backup_filename": "String",
    "backup_id": 42,
    "backup_name": "String",
    "backup_type": "String",
    "backup_version": "String",
    "groups": [
        "String"
    ],
    "host_id": 42,
    "id": 42,
    "initiated_by": "String",
    "is_cross_deployment_restore": true,
    "status": "String",
    "time_completed": 42,
    "time_initiated": 42
}