Inquiry regarding Tenant Backu & Recovery

R.Abdeen — Fri, 13 Feb 2026 18:44:12 GMT

I am looking for detailed information regarding the backup and recovery lifecycle for a Cortex XDR tenant. Specifically, I have the following questions:

Automated Backups: Does Palo Alto Networks perform regular backups of tenant-specific configurations (Security Policies, Profiles, XQL queries, etc.)? If so, what is the standard frequency?
Restoration Requests: In the event of an accidental configuration loss, is it possible to request a restoration of a previous backup through support? What is the standard procedure and the expected Lead Time for such a request?
Self-Service Rollback: Does the platform currently offer any "Undo" or "Rollback" features for administrative changes, or are we reliant on manual reconstruction via Audit Logs?

Thank you in advance for your insights!

Re: Inquiry regarding Tenant Backu & Recovery

susekar — Mon, 16 Feb 2026 18:02:09 GMT

Hello @R.Abdeen ,

Greetings for the day.

The Cortex XDR platform is a fully managed cloud Software-as-a-Service (SaaS) solution. Consequently, Palo Alto Networks manages the backend infrastructure, including regular system backups and disaster recovery procedures.

Automated Backups and Frequency:

Palo Alto Networks performs regular internal snapshots and system-level backups to ensure platform resilience and data integrity.

Standard Recovery Metrics:

While the internal snapshot interval is not publicly defined as a specific hourly or daily schedule in technical documentation, the system adheres to strict recovery metrics:

Recovery Point Objective (RPO): 4 hours
Recovery Time Objective (RTO): 4 hours
Service Availability: 99.9% monthly uptime objective

Restoration Requests:

The platform does not provide a customer-facing "point-in-time" restoration tool for reverting an entire tenant configuration due to administrative errors.

Limited Data Restoration:

If specific critical components like Indicators of Compromise (IOCs) or BIOC rules are accidentally deleted, a limited restoration may be possible through a support request.

Procedure

The customer must provide the exact date and time of the deletion and the specific restoration point.
TAC engineers will open a JIRA ticket to the Engineering/DevOps team to request a data merge from database backups.

Expected Lead Time

These manual data merges are typically performed during the next available maintenance window, commonly Sunday evening.

Self-Service Rollback and Management:

There is currently no native "Undo," "Checkpoint," or "Recycle Bin" feature for administrative configuration changes within the console.

Change Reconstruction via Audit Logs:

Administrators must rely on Management Audit Logs to track modifications. These logs record:

What configuration was modified or deleted
The timestamp of the change
The user attribution for the action

Best Practices for Manual Backup:

To mitigate accidental losses, Palo Alto Networks recommends a proactive manual backup strategy for security policies and profiles.

1. Manual Export

Periodically export Prevention Profiles and Policy Rules from the console:

Navigate to:
Endpoints → Policy Management → Prevention → Profiles (or Policy Rules)
Right-click the desired items and select Export Profile or Export Policy

2. Restoration

Re-import these Base64-encoded files to manually revert settings if needed:

Navigate to:
Endpoints → Policy Management → Prevention → Policy Rules
Select Import from File

API and Automation

There is currently no documented native API-based method for automated configuration backups or versioning.

While APIs can be used to extract alerts and incidents, configuration objects such as security profiles are not currently supported for automated backup via public API endpoints.

A feature request (CXDR-I-1916) exists for a comprehensive backup utility.

Additional Information

For formal documentation regarding disaster recovery plans or contractual SLAs, please contact your Palo Alto Networks Account Team.

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".

Thanks & Regards,
S. Subashkar Sekar

topic Re: Inquiry regarding Tenant Backu & Recovery in Cortex XDR Discussions