Change the Docker image in an integration or script

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide

Abstract: Use Docker to run Python scripts and integrations in a controlled environment in Cortex XSIAM.

Docker enables you to run scripts and integrations from an image in a controlled environment that isolates and safeguards the server. It also simplifies environment setup by packaging dependencies and configurations within an image, ensuring consistent execution across different systems. By default, Cortex XSIAM pulls images from the Demisto Docker image registry in GitHub, and scripts and integrations use these images as needed. Cortex XSIAM integrations and scripts have the relevant Docker image already selected. For example, the Rasterize integration uses the demisto/python.3.3.11.9.1079 Docker image.

You may want to select a different Docker image for your integration or script. In Cortex XSIAM, you can select a different Docker image from a dropdown list that is pulled from the Demisto Docker image registry. In GitHub, the dockerfiles-info branch contains information about each image to help you find one that is relevant.

Note

You can access publicly available Docker images from the Cortex XSIAM tenant even if there is no external connection to the Demisto registry, for example, when firewall constraints prevent your engine from accessing the Demisto registry.

Alternatively, instead of pulling publicly available images in the Demisto registry, you can pull images from a private authenticated image registry. For more information, see Pull images from a private image registry.

You can pull Docker images either directly or through an engine. If you use an engine to pull Docker images from a private authenticated registry, you first need to configure the authentication on the engine machine. For more information, see Connect an engine to an image registry.

Change the Docker image for a script
  1. Edit the script.

  2. Under ADVANCED, in the Docker image name field, click X to clear the current selection and then select a Docker image name from the dropdown menu.

    For more information about changing the Docker image for a script, see the Advanced tab in Create a script.

  3. Save your changes.

Change the Docker image for an integration
  1. Go to Settings & Info → Settings → Integrations → Instances, find your integration, and click the pencil icon to edit the integration’s source.

    For an out-of-the-box content pack integration, you first need to duplicate the integration to edit it.

  2. In the Integration Settings, expand the Script section.

  3. Click X to clear the current selection and then select a Docker image name from the dropdown menu.

    For more information about changing the Docker image, see the Advanced tab in Create a script.

  4. Save your changes.