Engine Installation - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Install, deploy and configure Cortex XSIAM engines.

You can install engines on all Linux machines. Docker/Podman needs to be installed before installing an engine. If you are using the Shell installer for an engine, Docker/Podman is installed automatically.

Note

The Cron package is required for installing engines on a Linux machine.

Engine Hardware Requirements

If your hard drive is partitioned, we recommend a minimum of 50 GB for the /var partition.

Component

Dev Environment Minimum

Production Minimum

CPU

8 CPU cores

16 CPU cores

Memory

16 GB RAM

32 GB RAM

Storage

100 GB

100 GB

Operating System Requirements

You can deploy a Cortex XSIAM engine on the following operating systems:

Operating System

Supported Versions

Ubuntu

18.04, 20.04, 22.04

RHEL

8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 8.10, 9.0, 9.1. 9.2, 9.3, 9.4

Oracle Linux

7.x, 8.9, 9.3

Amazon Linux

2

Note

Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.

Centos 7.x reached End of Life (EOL) on June 30, 2024, and is no longer a supported operating system.

Engine Required URLs

You need to allow the following in the URLs for Cortex XSIAM engines to operate properly.

The endpoint URL is: wss://api-<tenant domain>/xsoar/d1ws

FUNCTION

SERVICE

PORT

DIRECTION

Integrations

Integration-specific ports

Outbound

Engine connectivity

HTTPS

443 (configurable)

Outbound

Docker

  • https://registry-1.docker.io

  • https://registry.fedoraproject.org

  • https://registry.access.redhat.com

  • https://registry.centos.org

  • https://docker.io

  • https://registry.docker.io

  • https://auth.docker.io

    This URL may change according to Docker’s discretion.

  • https://production.cloudflare.docker.com

    This URL may change according to Docker’s discretion.

443

Outbound

Engine Installation Types

Cortex XSIAM supports the following file types for installation on the engine machine:

  • Shell: For all Linux deployments, including Ubuntu, SUSE, RHEL, etc. Automatically installs Docker/Podman, downloads Docker/Podman images, enables remote engine upgrade, and allows installation of multiple engines on the same machine.

    The installation file is selected for you. Shell installation supports the purge flag, which by default is false.

    Note

    When upgrading a Shell type engine, you can use the Upgrade Engine feature in the Engines page. For Amazon Linux 2 type engines, you need to upgrade these engine types using a zip type engine and not use the Upgrade Engine feature.

    If you use the Shell installer, Docker/Podman is automatically installed.

  • DEB: For Ubuntu operating systems.

  • RPM: RHEL operating systems.

    Note

    Use DEB and RPM installation when shell installation is not available. You need to install Docker or Podman and any dependencies. You need to install Docker or Podman and any dependencies.

  • Zip: Used for Amazon Linux 2 machines.

  • Configuration: Configuration file for download. When you install one of the other options, this configuration file (d1.conf ) is installed on the engine machine.

Important

For DEB/RPM engines, Python (including 3.x) and containerization platform (Docker/Podman) must be installed and configured. For Docker or Podman to work correctly on an engine, IPv4 forwarding must be enabled.