Run Docker with Non-Root Internal Users - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Run Docker with non-root internal users and for containers that do not support non-root internal users.

For additional security isolation, it is recommended to run Docker containers as non-root internal users. This follows the principle of least privilege.

  • Configure the engine to execute containers as non-root internal users.

    1. Edit the Engine Configuration File.

    2. Add the following key:

      "": true

    3. For containers that do not support non-root internal users, add the following key:

      "" : "A comma separated list of container names. The engine matches the container names according to the prefixes of the key values>"

      For example, ""="demisto/python3:","demisto/python:"

      The engine matches the key values for the following containers:


      The : character should be used to limit the match to the full name of the container. For example, using the : character does not find demisto/python-deb:

    4. Save the changes.

    5. Restart the demisto service on the engine computer.

      sudo systemctl start d1

      (Ubuntu/DEB) sudo service d1 restart