Engine Installation - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-18
Category
Administrator Guide
Abstract

Install, deploy and configure Cortex XSIAM engines.

You can install engines on all Linux and Windows machines. Although engines are intended for Linux operating systems, they can be used on Windows, but Windows machines must be configured to run Linux containers. Docker/Podman needs to be installed before installing an engine. If you are using the Shell installer for an engine, Docker/Podman is installed automatically.

Engine Hardware Requirements

If your hard drive is partitioned, we recommend a minimum of 35 GB for the /var partition.

Component

Dev Environment Minimum

Production Minimum

CPU

8 CPU cores

16 CPU cores

Memory

16 GB RAM

32 GB RAM

Storage

50 GB

50 GB (if partitioned, 35 GB for /var)

Operating System Requirements

You can deploy a Cortex XSIAM engine on the following operating systems:

Operating System

Supported Versions

CentOS

7.x

Ubuntu

18.04, 20.04, 22.04

RHEL

8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 9.0

Oracle Linux

7.x

Amazon Linux

2

Note

Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.

Engine Required URLs

You need to allow the following in the URLs for Cortex XSIAM engines to operate properly.

The endpoint URL is: wss://api-<tenant domain>/xsoar/d1ws

FUNCTION

SERVICE

PORT

DIRECTION

Integrations

Integration-specific ports

Outbound

Engine connectivity

HTTPS

443 (configurable)

Outbound

Docker

  • https://registry-1.docker.io

  • https://registry.fedoraproject.org

  • https://registry.access.redhat.com

  • https://registry.centos.org

  • https://docker.io

  • https://registry.docker.io

  • https://auth.docker.io

    This URL may change according to Docker’s discretion.

  • https://production.cloudflare.docker.com

    This URL may change according to Docker’s discretion.

443

Outbound

Engine Installation Types

Cortex XSIAM supports the following file types for installation on the engine machine:

  • Shell: For all Linux deployments, including Ubuntu, SUSE, RHEL, etc, except CentOS 7.x Automatically installs Docker/Podman, downloads Docker/Podman images, enables remote engine upgrade, and allows installation of multiple engines on the same machine.

    The installation file is selected for you. Shell installation supports the purge flag, which by default is false.

    Note

    When upgrading a Shell type engine, you can use the Upgrade Engine feature in the Engines page. For CentOS 7 or Amazon Linux 2 type engines, you need to upgrade these engine types using a zip type engine and not use the Upgrade Engine feature.

    If you use the Shell installer, Docker/Podman is automatically installed. We recommend using Linux and not Windows to be able to use the Shell Installer which installs all dependencies.

  • DEB: For Ubuntu operating systems.

  • RPM: RHEL operating systems.

    Note

    Use DEB and RPM installation when shell installation is not available. You need to install Docker or Podman and any dependencies. You need to install Docker or Podman and any dependencies. If installing on CentOS v7 you need to install Mirantis Container Runtime (formerly Docker Engine - Enterprise) or Red Hat's Docker distribution to run specific Docker dependent integrations and scripts.

  • Zip: Used for Windows and CentOS 7 machines.

  • Configuration: Configuration file for download. When you install one of the other options, this configuration file (d1.conf ) is installed on the engine machine.

Important

For DEB/RPM and Windows engines, Python (including 3.x) and containerization platform (Docker/Podman) must be installed and configured. For Docker or Podman to work correctly on an engine, IPv4 forwarding must be enabled.