Activate Transporter - Activate a Broker VM with a Transporter applet. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation
Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-10
Category
Administrator Guide
Abstract

Activate a Broker VM with a Transporter applet.

The Transporter over Broker VM enables secure communication between your self-hosted Version Control Systems (VCS) and Cortex Cloud. This solution addresses the need for secure code scanning without exposing your internal network to the cloud.

Prerequisites

  • Permissions: To configure and manage Transporter applet settings, you must have permissions to manage Broker Service configurations (such as an Instance Administrator)

  • Set up and configure Broker VMSet up and configure Broker VM

  • Confirm that your Broker is v 28 or above

  • Whitelist IP addresses to enable access to Cortex Cloud resources. The IP addresses for the Transporter are in the Broker VM Resources section of the Enable access to required PANW resources document

  • Open port 4052, which is required for the Transporter's IP address communication

  • Open Port 443 (outbound), which is required for the Broker VM to pull data from your version control system (VCS)

License

To gain access to and use the Transporter applet, you must possess one of these license types: Cloud Posture Security or Runtime Management) or XSIAM Premium. If you plan to use the Transporter for Code Security scanning, you will also need the Code Security add-on license.

Warning

The Transporter applet is not supported for FedRAMP customers.

How to activate the Transporter applet

  1. Select SettingsConfigurationsBroker VMs (under Data Broker.

  2. Select the Brokers tablocate your Broker VMhover and click + Add under the Apps columnAppSec Transporter.

  3. Configure the Transporter connection in the provided fields:

    • Transporter Name (required). Requires a unique name as you can integrate multiple applets for different integrations

    • Provider Self Signed CA Certificate Path: Specify the file path for a custom Certificate Authority (CA) certificate used by the Transporter to securely communicate with services

  4. Click Save.

  5. Verify connectivity: Navigate to the Apps column and verify that your AppSec Transporter applet has been added and displays a connected status.

  6. Next step: After activating the Transporter, proceed to configure the Transporter applet on your self-managed VCS data source instance.

    For more information, refer to Set up a Transporter on your VCS.

Manage Transporter applets

To manage Transporter applet configurations, disable connections, or deactivate an applet, navigate to the Broker VMs page. From there, select your Appsec Transporter under the App column.

  • Edit applet configurations: Select the Appsec Transporter under the App columnConfigure. You are redirected to the Transporter applet settings to manage its configurations

  • Disable applet connection for a single integration:

    1. Select the Appsec Transporter under the App columnConfigure.

    2. On the Transporter applet configurations page, click on the specific Transporter appletDisable.

      This disables the specific integration, but it can be re-enabled.

  • Deactivate an applet (all connections): Select the Appsec Transporter under the App columnDeactivateConfirm when prompted

    All existing connections are deleted but their configurations are saved in the database. When adding a new connection, you'll be prompted if you want to reuse previous configurations.