Install, deploy and configure Cortex XSIAM engines.
When you install the engine, the d1.conf file is installed on the engine machine. It contains engine properties such as proxy, log level, log files, etc. If Docker/Podman is already installed, the python.engine.docker and powershell.engine.docker keys are set to true. If Docker or Podman is not available when the engine is installed, the keys are set to false. If so, you need to set the keys to true. Verify that the python.engine.docker and powershell.engine.docker configuration keys are present in the d1.conf file.
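One way to run the verification described above, as an added example that is not part of the original page or the product's own tooling. It assumes d1.conf is a flat JSON object; the function names and the sample content are constructed for illustration.

```python
import json
import sys

DOCKER_KEYS = ("python.engine.docker", "powershell.engine.docker")

# Constructed sample, not a real engine file; assumes d1.conf is a flat JSON object.
SAMPLE_CONF = """{
  "example.other.property": "placeholder",
  "python.engine.docker": true,
  "powershell.engine.docker": false
}"""


def check_docker_keys(conf_text):
    """Return findings for the two Docker keys; an empty list means both are true."""
    try:
        conf = json.loads(conf_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(conf, dict):
        return ["top level is not a JSON object"]
    findings = []
    for key in DOCKER_KEYS:
        if key not in conf:
            findings.append(f"{key}: missing")
        elif conf[key] is not True:  # flags false, null and the string "true" alike
            findings.append(f"{key}: {json.dumps(conf[key])}, expected true")
    return findings


def enable_docker_keys(conf_text):
    """Return conf_text with both keys set to true, other properties untouched."""
    conf = json.loads(conf_text)
    for key in DOCKER_KEYS:
        conf[key] = True
    return json.dumps(conf, indent=2)


if __name__ == "__main__":
    # Pass the path to d1.conf as the first argument; without one the sample is checked.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    problems = check_docker_keys(text)
    for problem in problems:
        print(problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when either key is missing or not true, so it can gate a post-install check.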
After you install and deploy an engine, there are several ways that you can Manage Engines.
Before you begin
If you are using DEB, RPM or Zip installation, install Docker/Podman.
Create an engine.
Select → → → → .
In the Engine Name field, add a meaningful name for the engine.
Select one of the installer types from the drop down list.
Shell
DEB
RPM
Zip
Configuration
Tip
For Linux systems it is recommended to use the Shell installer. If using Amazon Linux 2, use the Zip installer (see step 4).
(Optional) (Shell only) Select the checkbox to enable multiple engines to run on the same machine.
If you have an existing engine, you did not select the checkbox, and you want to install another engine on the same machine, you need to delete the existing engine.
(Optional) Add any required configuration in JSON format.
Click OK to create the engine.
For Shell installation, do the following:
Move the .sh file to the engine machine using a tool like SSH or PuTTY.
On the engine machine, grant execution permission by running the following command:
chmod +x /<engine-file-path>
Install the engine by typing one of the following commands:
With tools:
sudo <engine-file-path>
Without tools:
sudo <engine-file-path> -- -tools=false
If you receive a permissions denied error, it is likely that you do not have permission to access the /tmp directory.
For RPM/DEB installation do the following:
Move the file to the required machine using a tool like SSH or PuTTY.
Type one of the following installation commands:
Machine Type | Install Command
RHEL (RPM) | sudo rpm -Uvh d1-2.5_15418-1.x86_64.rpm
Ubuntu (DEB) | sudo dpkg --install d1_xxx_amd64.deb
Start the engine by running one of the following commands:
Machine Type | Start Command
RHEL (RPM) | sudo systemctl start d1
Ubuntu (DEB) | sudo service d1 restart
For Zip installation on Amazon Linux 2, run the following commands:
Create the engine folder.
mkdir /usr/local/demisto
Unzip the engine files to the folder created in the previous step.
unzip ./d1.zip -d /usr/local/demisto
Allow the process to bind to low numbered ports.
setcap CAP_NET_BIND_SERVICE=+eip /usr/local/demisto/d1_linux_amd64
Change the owner of /usr/local/demisto to the demisto user.
chown -R demisto:demisto /usr/local/demisto
In /etc/systemd/system, edit the d1.service file as follows (adjust the directory and the name of the binaries file if needed).
[Unit]
Description=Demisto Engine Service
After=network.target

[Service]
Type=simple
User=demisto
WorkingDirectory=/usr/local/demisto
ExecStart=/usr/local/demisto/d1_linux_amd64
EnvironmentFile=/etc/environment
Restart=always

[Install]
WantedBy=multi-user.target
Run the following commands:
chown root:root /etc/systemd/system/d1.service
chmod 644 /etc/systemd/system/d1.service
Run the engine process.
systemctl start d1
Verify that the engine is running.
systemctl status d1
When the engine is connected, you can add the engine to a load balancing group by clicking Load-Balancing Group.
If you want to add the engine to a new group, click Add to new group from the dropdown list.
When the engine is in the load-balancing group, it cannot be used as an individual engine and does not appear when configuring an engine from the drop down list.
(Optional) After installing the engine, you may want to set up a proxy, set up Docker hardening, configure the number of workers for the engine, etc. For more information, see Configure Engines.