Before you migrate event data, you must first migrate the configuration data to the Sentinel target server. You can back up some of the configuration by using Solution Designer and the Export and Import options in Event Source Management (ESM). You must manually re-create the rest of the configuration data, which cannot be backed up or exported.
You must back up the necessary data by using various options in Sentinel.
Back up the following configuration on the source server by using Solution Designer:
Table 32-3 Configuration Data
| Data | Notes |
|---|---|
| Correlation rules | Create separate controls for each Correlation Engine so that you can migrate the rules separately to specific Correlation Engines. |
| Actions | You can back up only JavaScript actions and not legacy actions such as dynamic list and create incident. |
| Event Enrichment | Sentinel also backs up the associated maps to the event fields. Therefore, you do not need to re-create the associated maps after restoring event enrichment data. |
| Filters | Backs up all custom filters. |
| Feeds | The Solution Pack backs up only the Feed plug-ins but does not back up the plug-in configuration. |
For information about backing up data in Solution Designer, see Creating Solution Packs in the Sentinel Administration Guide.
Back up your data collection configuration by using the Export configuration option in ESM. For more information, see Exporting Configurations in the Sentinel Administration Guide.
Import the configuration data you backed up on the source server by using Solution Designer. For more information, see Installing Content from Solution Packs in the Sentinel Administration Guide.
Rename any objects that have duplicate names, such as Filters, Actions, and Correlation Rules. By default, all Filters are Public when you import them on the target server, so you must manually re-assign the permission for each filter.
Apart from the configuration data you imported from the Solution Pack, you must manually re-create all other configurations. For more information about the configurations you need to re-create manually, see Table 32-2, Configurations You Can Migrate and Configurations You Need to Re-Create.