Edit the Engine Configuration File - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-05-26
Category
Administrator Guide
Abstract

Edit engine configurations by modifying d1.conf or specific properties in the JSON formatted configuration section.

You can edit the engine configuration by either modifying the d1.conf file on the engine, or in Cortex XSIAM by modifying specific properties in the JSON formatted configuration dialog box (Shell installations only).

  1. Modify the d1.conf file.

    1. On the machine on which you installed the engine, navigate to the d1.conf file:

      Installation Type

      Location

      RPM, DEB, Shell

      /usr/local/demisto

      If using multiple engines, the location is /usr/local/demisto/name of the engine>. For example, /usr/local/demisto/d1_e1

      ZIP

      Same folder as the binary.

    2. Modify the file as required. See Common Properties When Editing an Engine Configuration.

      You can also Configure the Engine to Use a Web Proxy.

  2. Modify the configuration in Cortex XSIAM.

    Ensure that the data is in JSON format. The properties that you specify override the values defined in the d1.conf file. A use case for modifying the engine configuration is if you want to generate engine logs for a specific log level.

    1. From the engines table, select the engine for which you want to modify the configuration.

    2. Click Edit Configuration.

    3. In the JSON formatted configuration dialog box, modify the properties as required. For more information, see Common Properties When Editing an Engine Configuration.

      json-config.png