There can be reasons why you want your XSOAR data to be available locally or for example in a different database. As this was one request I came up with a simple data dumper to move the XSOAR data to my two favorite databases, MariaDB and CouchDB.
The script is pretty simple, as it only performs the following steps
- (init) query the list of all incidents and store the incident_id in an sqlite database
- (run) fetch the “unfetched” incidents from XSOAR and move the context data into the database of choice and mark the incident_id as fetched in the sqlite database
This way you can re-run the fetching in case of any issue.
If you must start all new you can drop the databases (MariaDB/CouchDB/Files and sqlite) and start new.