Configure the Broker VM - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Configure any Cortex XSIAM Broker virtual machine (VM) as necessary.

To set up the Broker virtual machine (VM), you need to deploy an image created by Palo Alto Networks on your network or supported cloud infrastructure and activate the available applications. You can set up several Broker VMs for the same tenant to support larger environments. Ensure each environment matches the necessary requirements.

Before you set up the Broker VM, verify you meet the following requirements.

Perform the following procedures in the order listed below.

  1. Select SettingsConfigurationsData BrokerBroker VMs.

  2. Click Add BrokerGenerate Token, and copy to your clipboard. The token is valid for 24 hours. A new token is generated each time you select Generate Token.

Depending on the Broker VM version, navigate to either of the following URLs:

  • From Broker VM version 19.x.x and later: https://<broker_vm_ip_address>.:4443

  • From Broker VM version 18.x.x and earlier: https://<broker_vm_ip_address>/

Note

When DHCP is not enabled in your network and there isn't an IP address for your Broker VM, configure the Broker VM with a static IP using the serial console menu.

Log in with the default password !nitialPassw0rd, and then define your own unique password. The password must contain a minimum of eight characters, contain letters and numbers, and at least one capital letter and one special character.

Perform the following procedures in the order listed below.

  1. Define the network interfaces settings.

  2. (Optional) Set the internal network settings (Requires Broker VM 14.0.42 and later).

  3. (Optional) Configure a proxy server address and other related details to route Broker VM communication.

  4. (Optional) Configure your NTP servers (Requires Broker VM 8.0 and later).

    Specify the required server addresses using the FQDN or IP address of the server.

  5. (Optional) Allow SSH connections to the Broker VM (Requires Broker VM 8.0 and later).

    Important

    We strongly recommend disabling SSH connectivity when it's not being used. Therefore, activate SSH connectivity when it's needed and disable it right afterwards.

  6. (Optional) Update the SSL Server certificates for the Broker VM (Requires Broker VM 10.1.9 and later).

  7. Update the Trusted CA Certificate for the Broker VM.

  8. (Optional) Collect and Generate New Logs (Requires Broker VM 8.0 and later). Your Cortex XSIAM logs will download automatically after approximately 30 seconds.

Register and enter your unique Token, created in the Broker VMs page. This can take up to 30 seconds.

After a successful registration, Cortex XSIAM displays a notification.

You are directed to SettingsConfigurationsData BrokerBroker VMs. The Broker VMs page displays your Broker VM details and allows you to edit the defined configurations.