Backup and Restore

Tenable recommends performing regular backups of the Tenable Security Center data in your /opt/sc directory. When you restore a backup, the file overwrites the content in your /opt/sc directory.

Data backup requirements:

  • You must restore a backup file to a Tenable Security Center running the same version. For example, you cannot restore a backup file created on version 6.0.0 to a Tenable Security Center running Tenable Security Center 6.1.0.

  • You must restore a backup file to the same Tenable Security Center where you created the backup file. The hostname associated with the backup file must match the hostname on the receiving Tenable Security Center. For example, you cannot restore a backup file created on a Tenable Security Center with the hostname Example1 to a Tenable Security Center with the hostname Example2.

For more information, see Perform a Backup and Restore a Backup.

Configuration Backups

Tenable recommends performing regular backups of your Tenable Security Center configuration in addition to your Tenable Security Center data. You can restore a configuration backup to quickly resume normal Tenable Security Center operation as part of your disaster recovery plan.

Configuration backups do not include data (such as vulnerability data, trend data, licenses, or secure connection settings). When your repositories contain new vulnerability data, you can use your dashboards, reports, and analysis tools to assess your network.

Note: After you restore a configuration backup, Tenable recommends performing discovery scans to re-populate your repositories with vulnerability data. For more information, see Scanning Overview.

Configuration backup requirements:

  • You must restore a backup file to a Tenable Security Center running the same version. For example, you cannot restore a backup file created on version 5.20.0 to a Tenable Security Center running Tenable Security Center 5.21.0.

Note: For best performance, after restoring a configuration backup, ensure the hostname associated with the configuration backup file matches the hostname on the receiving Tenable Security Center.

For more information, see Perform a Configuration Backup and Restore a Configuration Backup.

Configurations Included in a Configuration Backup

Category

Configurations

Users

User accounts, user roles, groups, and organizations

Resources

Tenable Nessus scanners, Tenable Nessus Network Monitor instances, Log Correlation Engines, LDAP servers, and scan zones

System

Configuration settings (including data expiration settings, external schedules settings, Tenable Lumin settings, mail settings, miscellaneous settings, license settings, plugins/feed settings, SAML settings, and security settings), publishing sites settings, keys settings, and schedules

Scanning

Active scans, agent synchronization jobs, agent scans, freeze windows, credentials, scan policies, audit files, assets, repositories, and compliance check plugin entries

Reporting

Dashboards, Assurance Report Cards, report definitions, report images, and CyberScope and DISA report attributes

Workflow

Alerts

Analysis

Queries

Automatic Backups

Tenable Security Center performs automatic nightly backups of the following databases:

  • /opt/sc/application.db

  • /opt/sc/hosts.db

  • /opt/sc/jobqueue.db

  • /opt/sc/plugins.db

  • /opt/sc/remediationHierarchy.db

  • /opt/sc/orgs/<orgID>/organization.db (for each organization in your Tenable Security Center)

  • /opt/sc/orgs/<orgID>/assets.db (for each organization in your Tenable Security Center)

Automatic backups run nightly at 1:20 AM local time. This schedule cannot be changed.

Tenable Security Center stores backups in the same directory as the database.