Inquiry regarding Tenant Backup & Recovery


L0 Member

I am looking for detailed information regarding the backup and recovery lifecycle for a Cortex XDR tenant. Specifically, I have the following questions:

  1. Automated Backups: Does Palo Alto Networks perform regular backups of tenant-specific configurations (Security Policies, Profiles, XQL queries, etc.)? If so, what is the standard frequency?

  2. Restoration Requests: In the event of an accidental configuration loss, is it possible to request a restoration of a previous backup through support? What is the standard procedure and the expected Lead Time for such a request?

  3. Self-Service Rollback: Does the platform currently offer any "Undo" or "Rollback" features for administrative changes, or are we reliant on manual reconstruction via Audit Logs?

Thank you in advance for your insights!

1 REPLY

L4 Transporter

Hello @R.Abdeen ,

 

Greetings for the day.

 

The Cortex XDR platform is a fully managed cloud Software-as-a-Service (SaaS) solution. Consequently, Palo Alto Networks manages the backend infrastructure, including regular system backups and disaster recovery procedures.

Automated Backups and Frequency:

Palo Alto Networks performs regular internal snapshots and system-level backups to ensure platform resilience and data integrity.

 

Standard Recovery Metrics:

While the internal snapshot interval is not publicly defined as a specific hourly or daily schedule in technical documentation, the system adheres to strict recovery metrics:

  • Recovery Point Objective (RPO): 4 hours

  • Recovery Time Objective (RTO): 4 hours

  • Service Availability: 99.9% monthly uptime objective

 

Restoration Requests:

The platform does not provide a customer-facing "point-in-time" restoration tool for reverting an entire tenant configuration due to administrative errors.

 

Limited Data Restoration:

If specific critical components like Indicators of Compromise (IOCs) or BIOC rules are accidentally deleted, a limited restoration may be possible through a support request.

Procedure

  • The customer must provide the exact date and time of the deletion and the specific restoration point.

  • TAC engineers will open a JIRA ticket to the Engineering/DevOps team to request a data merge from database backups.

Expected Lead Time

  • These manual data merges are typically performed during the next available maintenance window, commonly Sunday evening.


Self-Service Rollback and Management:

There is currently no native "Undo," "Checkpoint," or "Recycle Bin" feature for administrative configuration changes within the console.


Change Reconstruction via Audit Logs:

Administrators must rely on Management Audit Logs to track modifications. These logs record:

  • What configuration was modified or deleted

  • The timestamp of the change

  • The user attribution for the action


Best Practices for Manual Backup:

To mitigate accidental losses, Palo Alto Networks recommends a proactive manual backup strategy for security policies and profiles.

1. Manual Export

Periodically export Prevention Profiles and Policy Rules from the console:

  • Navigate to:
    Endpoints → Policy Management → Prevention → Profiles (or Policy Rules)

  • Right-click the desired items and select Export Profile or Export Policy

2. Restoration

Re-import these Base64-encoded files to manually revert settings if needed:

  • Navigate to:
    Endpoints → Policy Management → Prevention → Policy Rules

  • Select Import from File


API and Automation

There is currently no documented native API-based method for automated configuration backups or versioning.

While APIs can be used to extract alerts and incidents, configuration objects such as security profiles are not currently supported for automated backup via public API endpoints.

A feature request (CXDR-I-1916) exists for a comprehensive backup utility.


Additional Information

For formal documentation regarding disaster recovery plans or contractual SLAs, please contact your Palo Alto Networks Account Team.

 

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".

 

Thanks & Regards,
S. Subashkar Sekar

  • 50 Views
  • 1 replies
  • 0 Likes
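An added example, not part of the reply above and not Palo Alto Networks code: one way to keep the manually exported profile and policy files under integrity control, so that a corrupted, changed or missing export is noticed before it is needed for a re-import. It assumes the exports are saved into one directory and treats each file as an opaque Base64 blob; the function names, the manifest file and the sample file names are hypothetical.

```python
import base64, binascii, hashlib, json, tempfile
from pathlib import Path

def fingerprint(path):
    """Return (sha256_hex, looks_like_base64) for one exported file."""
    raw = path.read_bytes()
    body = b"".join(raw.split())  # ignore line breaks inside the blob
    try:
        # Assumption: each export is one Base64 blob, as the reply describes.
        base64.b64decode(body, validate=True)
        ok = bool(body)  # an empty file is not a usable backup
    except (binascii.Error, ValueError):
        ok = False
    return hashlib.sha256(raw).hexdigest(), ok

def snapshot(export_dir, manifest_path):
    """Hash every export, diff against the previous manifest, save the new one."""
    export_dir, manifest_path = Path(export_dir), Path(manifest_path)
    old = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    new, corrupt = {}, []
    for f in sorted(export_dir.iterdir()):
        if not f.is_file() or f.resolve() == manifest_path.resolve():
            continue
        digest, ok = fingerprint(f)
        new[f.name] = digest
        if not ok:
            corrupt.append(f.name)
    report = {
        "added": sorted(set(new) - set(old)),
        "missing": sorted(set(old) - set(new)),  # export no longer in the backup set
        "changed": sorted(n for n in new if n in old and new[n] != old[n]),
        "corrupt": corrupt,  # would fail at import time; re-export now
    }
    manifest_path.write_text(json.dumps(new, indent=2, sort_keys=True))
    return report

if __name__ == "__main__":
    # Constructed sample data: two fake exports, then one edited and one truncated.
    root = Path(tempfile.mkdtemp())
    exports = root / "exports"
    exports.mkdir()
    (exports / "profile_a.export").write_bytes(base64.b64encode(b"profile A v1"))
    (exports / "policy_b.export").write_bytes(base64.b64encode(b"policy B v1"))
    print(snapshot(exports, root / "manifest.json"))
    (exports / "profile_a.export").write_bytes(base64.b64encode(b"profile A v2"))
    (exports / "policy_b.export").write_bytes(b"cG9saWN5IEIgdjE")  # truncated blob
    print(snapshot(exports, root / "manifest.json"))
```

A "changed" entry with no matching entry in the Management Audit Logs is worth investigating, since the reply names those logs as the only record of who modified what.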