Security ContentInstall Security Content

Table of Contents

Manually Revert a Security Content Configuration File

If you don't like the latest security content you installed using Content Installer, revert them to the last time they were backed up.

After you install new security content, Content Installer backs up the custom configuration files automatically.

If you fail to install the new components, the configuration files automatically revert to the previous version. If you installed the new components and you don't like the changes, you can manually revert to the previous version.

The backup file has the extension .bck.[timestamp].

  1. Navigate to the custom folder, replacing [filepath] with the appropriate file path:

    cd [filepath]
    • For Advanced Analytics, the backup is saved in /opt/exabeam/config/custom.

    • For Data Lake, the backup is saved in the custom_mojito.conf file, which is located in different places based on product version:

      • Data Lake i20-i21: /opt/exabeam/config/lms/custom_mojito.conf

      • Data Lake i22-i23: /opt/exabeam/config/lms/elasticsearch/custom_mojito.conf

      • Data Lake i24 and later: /opt/exabeam/config/lms/elasticsearch/ingest-mojito/custom_mojito.conf

  2. For any security content, replace the current configuration file with the corresponding backup file:

    cp [configfile].bck.[timestamp] [configfile]

    For example, to revert a rule configuration file to the previous version:

    cp rules.conf.bck.20200424231706 rules.conf