Create a Broker VM Azure Image - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-03-22
Last date published: 2023-09-21
Category: Administrator Guide

After you download your Cortex XDR Broker VHD (Azure) image, you need to upload it to Azure as a storage blob.

To create the image:

  1. Decompress the downloaded VHD (Azure) image. Make sure you decompress the zipped hard disk file on a server that has more than 512GB of free space.

    Note: Decompression can take up to a few hours.

  2. Create a new storage blob on your Azure account by uploading the VHD file. You can upload from either Microsoft Windows or Ubuntu.

    Uploading from Microsoft Windows:

    1. Verify you have:

      • Windows PowerShell version 5.1 or later.

      • .NET Framework 4.7.2 or later.

    2. Open PowerShell and execute Set-ExecutionPolicy unrestricted, then run the following commands:

      • [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

      • Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

    3. Install the Azure cmdlets.

      Install-Module -Name Az -AllowClobber

    4. Connect to your Azure account.

      Connect-AzAccount

    5. Start the upload.

      az storage blob upload -f <vhd to upload> -n <vhd name> -c <container name> --account-name <account name>

      Note: Upload can take up to a few hours.

    Uploading from Ubuntu 18.04:

    1. Install the Azure CLI.

      curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

    2. Connect to Azure.

      az login

    3. Start the upload.

      az storage blob upload -f <vhd to upload> -n <vhd name> -c <container name> --account-name <account name>

  3. In the Azure home page, navigate to Azure services > Disks and + Add a new disk.

  4. In the Create a managed disk > Basics page define the following information:

    Project details

    • Resource group—Select your resource group.

    Disk details

    • Disk name—Enter a name for the disk object.

    • Region—Select your preferred region.

    • Source type—Select Storage Blob. Additional fields are displayed; define them as follows:

      • Source blob—Select Browse. You are directed to the Storage accounts page. From the navigation panel, select the bucket and then container to which you uploaded the Cortex XDR VHD image.

        In the Container page, select your VHD image.

      • OS type—Select Linux

      • VM generation—Select Gen 1

    Select Review + create to check your settings.

  5. Create your Broker VM disk.

    After deployment is complete, select Go to resource.

  6. In your created Disks page, select Create VM.

  7. In the Create a virtual machine page, define the following:

    Instance details

    • (Optional) Virtual machine name—Enter the same name as the disk name you defined.

    • Size—Select the size according to your company guidelines.

      Select Next to navigate to the Networking tab.

    Network interface

    • NIC network security group—Select Advanced.

    • Configure network security group—Select HTTPS to be able to access the Broker VM Web UI, and SSH to allow for remote access when troubleshooting. Make sure to allow these connections to the Broker VM from secure networks only.

    Select Review + create to check your settings.

  8. Create your VM.

    After deployment is complete, select Go to resource. You are directed to your VM page.

    Note: Creating the VM can take up to 15 minutes. The Broker VM Web UI is not accessible during this time.
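
A check for the network security group guidance in step 7, as an added example that is not part of the Administrator Guide or of Cortex XDR: it takes rules in the JSON shape printed by `az network nsg rule list --output json` and reports inbound Allow rules that open the Broker VM's HTTPS or SSH port to any source. The sample rules and the names `exposed_rules`, `BROKER_PORTS` and `OPEN_SOURCES` are constructed for illustration.

```python
import json

# Ports the guide opens on the Broker VM: HTTPS (Web UI) and SSH (troubleshooting).
BROKER_PORTS = {443, 22}
# Source values that mean "anywhere" in an NSG rule (assumed list for this example).
OPEN_SOURCES = {"*", "any", "internet", "0.0.0.0/0", "::/0"}


def _covers(port_spec, port):
    """True if an NSG port spec ('443', '20-25', '*') includes the port."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_rules(rules):
    """Return (rule name, port) for inbound Allow rules open to any source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        # A rule carries either the singular field or the plural list.
        sources = list(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.append(rule["sourceAddressPrefix"])
        ports = list(rule.get("destinationPortRanges") or [])
        if rule.get("destinationPortRange"):
            ports.append(rule["destinationPortRange"])
        if not any(s.lower() in OPEN_SOURCES for s in sources):
            continue
        for port in sorted(BROKER_PORTS):
            if any(_covers(spec, port) for spec in ports):
                findings.append((rule["name"], port))
    return findings


# Constructed sample in the shape of `az network nsg rule list --output json`.
SAMPLE = json.loads("""[
 {"name": "HTTPS", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "443"},
 {"name": "SSH", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefixes": ["10.20.0.0/24"], "destinationPortRange": "22"},
 {"name": "wide", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "Internet", "destinationPortRanges": ["20-25", "8080"]}
]""")

if __name__ == "__main__":
    for name, port in exposed_rules(SAMPLE):
        print(f"rule {name!r} allows port {port} from any source")
```

An empty result means no inbound Allow rule exposes port 443 or 22 to an unrestricted source; each reported rule should have its source narrowed to the management network ranges you trust.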