Backup and Restore

Tenable recommends performing regular backups of the Tenable Security Center Director data in your /opt/sc directory. When you restore a backup, the file overwrites the content in your /opt/sc directory.

Data backup requirements:

  • You must restore a backup file to a Tenable Security Center Director running the same version. For example, you cannot restore a backup file created on version 6.0.0 to a Tenable Security Center Director running Tenable Security Center 6.1.0.

  • You must restore a backup file to the same Tenable Security Center Director where you created the backup file. The hostname associated with the backup file must match the hostname on the receiving Tenable Security Center Director. For example, you cannot restore a backup file created on a Tenable Security Center Director with the hostname Example1 to a Tenable Security Center Director with the hostname Example2.

For more information, see Perform a Backup and Restore a Backup.

Configuration Backups

Tenable recommends performing regular backups of your Tenable Security Center Director configuration and managed Tenable Security Center instance configurations in addition to your Tenable Security Center Director data. You can restore a configuration backup to quickly resume normal Tenable Security Center Director operation as part of your disaster recovery plan.

Tenable Security Center Director configuration backups do not include configurations for managed Tenable Security Center instances, such as scans, scan policies, or credentials. You must perform a separate backup for each Tenable Security Center instance.

Configuration backups do not include data (such as vulnerability data, trend data, licenses, or secure connection settings). When your repositories contain new vulnerability data, you can use your dashboards, reports, and analysis tools to assess your network.

Note: After you restore a configuration backup, Tenable recommends performing discovery scans to re-populate your repositories with vulnerability data. For more information, see Scanning Overview.

Configuration backup requirements:

  • You must restore a backup file to a Tenable Security Center Director running the same version. For example, you cannot restore a backup file created on version 5.20.0 to a Tenable Security Center Director running Tenable Security Center 5.21.0.

Note: For best performance, after restoring a configuration backup, ensure the hostname associated with the configuration backup file matches the hostname on the receiving Tenable Security Center Director.

For more information, see Perform a Configuration Backup and Restore a Configuration Backup.

Configurations Included in a Configuration Backup

Category

Configurations

Users

User accounts, user roles, groups, and organizations

Resources

Managed Tenable Security Center instances, LDAP servers

System

Configuration settings (including data expiration settings, mail settings, miscellaneous settings, license settings, plugins/feed settings, SAML settings, and security settings), publishing sites settings, keys settings, and schedules

Scanning

Audit files, assets, and repositories

Reporting

Dashboards, report definitions, report images, and CyberScope and DISA report attributes

Workflow

Alerts

Analysis

Queries

Automatic Backups

Tenable Security Center Director performs automatic nightly backups of the following databases:

  • /opt/sc/application.db

  • /opt/sc/hosts.db

  • /opt/sc/jobqueue.db

  • /opt/sc/plugins.db

  • /opt/sc/remediationHierarchy.db

  • /opt/sc/orgs/<orgID>/organization.db (for each organization in your Tenable Security Center Director)

  • /opt/sc/orgs/<orgID>/assets.db (for each organization in your Tenable Security Center Director)

Automatic backups run nightly at 1:20 AM local time. This schedule cannot be changed.

Tenable Security Center Director stores backups in the same directory as the database.