Troubleshoot Docker Networking Issues - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-12-12
Category
Administrator Guide
Abstract

Troubleshoot Docker networking issues in Cortex XSIAM.

In Cortex XSIAM, integrations and scripts run either on the tenant, or on an engine.

If you have Docker networking issues when using an engine, you need to modify the d1.conf file.

  1. On the machine where the Engine is installed, open the d1.conf file.

  2. Add to the d1.conf file the following:

    {
    	"LogLevel": "info",
    	"LogFile": "/var/log/demisto/d1.log",
    	"EngineURLs": [
    	"wss://1234.demisto.live/d1ws"
    	],
    					"BindAddress": ":443",
    	"EngineID": "XYZ",
    	"ServerPublic": "ABC"
    	"ArtifactsFolder": "",
    	"TempFolder": "",
    	"python.pass.extra.keys": "--network=host"
    	}
  3. Save the file.

  4. Restart the engine using systemctl restart d1 or service d1 restart.

    Note

    If the Allow running multiple engines on the same machine option is selected, run the command:

    sudo systemctl restart d1_<Engine _name>