The Broker VM provides a Registry Scanner applet that scans and secures your container image registries. It supports Docker V2 or JFrog self-hosted registries located on-premises or in private cloud networks.
Notice
Requires the Cortex XSIAM Premium license or any other XSIAM license with the Cloud Posture Security or the Cloud Runtime Security add-on.
Note
You cannot activate the Registry Scanner directly on a new or existing Broker VM. You can only activate or deactivate existing Registry Scanner applets. To activate or deactivate existing applets, see Step 4 in the Verify Registry Scanner connection section.
Verify Registry Scanner connection
After the registry scanner is initialized, perform the following steps to verify that the Registry Scanner applet is connected to the Broker VM:
Prerequisite:
To initialize registry scanning on your Broker VM, you must first add the necessary data connectors. For details, see:
When sizing your Broker VM, consider the following recommendations:
Disk Size: Calculate the required disk space by multiplying the average container image size in your environment by 10. This factor accounts for simultaneous operations with a buffer.
For example, if your average image size is 500 MB, allocate at least 5 GB of disk space (500 MB * 10 = 5000 MB = 5 GB).
CPU: Allocate a minimum of 8 CPU cores.
Memory: Allocate a minimum of 16 GB of RAM.
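The sizing recommendations above can be checked against real registry data. The following is an added example, not part of the product or its documentation: it derives the average image size from Docker V2 image manifests (config plus layer blob sizes), applies the x10 disk factor, and compares a planned Broker VM spec with the CPU and memory minimums. The function names and the sample manifests are constructed for illustration, and treating the manifest blob sizes as the "image size" is an assumption.

```python
import math

# Values from the sizing recommendations above.
DISK_FACTOR = 10
MIN_CPU_CORES = 8
MIN_MEMORY_GB = 16

# Constructed sample data: two image manifests and one multi-arch manifest
# list, reduced to the fields used here (sizes are in bytes).
SAMPLE_MANIFESTS = [
    {"schemaVersion": 2,
     "config": {"size": 7_000},
     "layers": [{"size": 299_993_000}, {"size": 100_000_000}]},
    {"schemaVersion": 2,
     "config": {"size": 10_000},
     "layers": [{"size": 599_990_000}]},
    {"schemaVersion": 2,
     "manifests": [{"size": 1_234, "platform": {"architecture": "amd64"}}]},
]

def image_size_bytes(manifest):
    """Sum the config and layer blob sizes of one image manifest.

    Returns None for a manifest list/index, which carries no layers itself.
    """
    if "layers" not in manifest:
        return None
    return manifest["config"]["size"] + sum(l["size"] for l in manifest["layers"])

def recommend_disk_gb(manifests):
    """Average image size x 10, rounded up to whole GB (1 GB = 1000 MB)."""
    sizes = [s for s in map(image_size_bytes, manifests) if s is not None]
    if not sizes:
        raise ValueError("no image manifests with layer sizes")
    return math.ceil(sum(sizes) * DISK_FACTOR / (len(sizes) * 10**9))

def sizing_gaps(cpu_cores, memory_gb, disk_gb, manifests):
    """Return the recommendations that a planned Broker VM spec falls short of."""
    need = recommend_disk_gb(manifests)
    checks = [
        (cpu_cores >= MIN_CPU_CORES, f"CPU: {cpu_cores} cores < {MIN_CPU_CORES}"),
        (memory_gb >= MIN_MEMORY_GB, f"Memory: {memory_gb} GB < {MIN_MEMORY_GB} GB"),
        (disk_gb >= need, f"Disk: {disk_gb} GB < {need} GB"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(recommend_disk_gb(SAMPLE_MANIFESTS))
    print(sizing_gaps(4, 16, 4, SAMPLE_MANIFESTS))
```

Manifest sizes are the stored blob sizes, which are usually compressed, so treat the result as a lower bound when images are unpacked for scanning.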
Go to → → → .
On either the Brokers or Clusters tab, find the Broker VM.
In the APPS column for the Broker VM, verify that the Registry Scanner app appears.
Select the Registry Scanner app to open a window displaying the following information:
Connection: Shows the app's current connection status. You can also Deactivate the app.
To reactivate the Registry Scanner app, do one of the following:
On the Brokers tab, locate the Broker VM, select +Add in the APPS column, and then choose Registry Scanner.
On the Clusters tab, locate the Broker VM, select +Add in the APPS column, and then choose Registry Scanner.
If the Registry Scanner app is not listed in the drop-down menu when you click +Add, registry scanning was not configured for that Broker VM. You must first add the data connectors.
Resources: Shows the percentage of CPU, Memory, and Disk resources used by the app.
To manage the Registry Scanner applet, see: