Configure engines - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation
Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-04-25
Category
Administrator Guide
Abstract

Configure Cortex XSIAM engines to change the number of workers, access communication tasks, notify users if engine disconnects, and remove server from group.

When installing an engine, a d1.conf file is installed on your machine. Some configurations can only be done by editing the d1.conf file. If you install via Shell, you can edit the configuration in the UI as well as editing the file directly.

A use case for modifying the engine configuration is if you want to generate engine logs for a specific log level.

Edit the d1.conf file

  1. On the machine on which you installed the engine, navigate to the d1.conf file:

    Installation Type

    Location

    RPM, DEB, Shell

    /usr/local/demisto

    If using multiple engines, the location is /usr/local/demisto/name of the engine>. For example, /usr/local/demisto/d1_e1

    ZIP

    Same folder as the binary.

  2. Modify the file as required. See Common properties when editing an engine configuration

    You can also Configure the engine to use a web proxy.

Modify the configuration in Cortex XSIAM (Shell installations only)

Ensure that the data is in JSON format. The properties that you specify override the values defined in the d1.conf file.

  1. From the engines table, select the engine for which you want to modify the configuration.

  2. Click Edit Configuration.

  3. In the JSON formatted configuration dialog box, modify the properties as required. For more information, see Common properties when editing an engine configuration.

    edit_engine_config.png

Common properties when editing an engine configuration

The following table describes the common properties when editing an engine configuration using the d1.conf file (located by default at /usr/local/demisto/) or in the JSON formatted configuration dialog box in Cortex XSIAM.

Property

Type

Values

Edit

http_proxy

String

The IP address of the HTTP proxy through which the engine communicates.

For an example, see Configure the engine to use a web proxy.

The engine d1.conf file.

https_proxy

String

The IP address of the HTTP/s proxy through which the engine communicates.

For an example, see Configure the engine to use a web proxy.

The engine d1.conf file.

LogLevel

String

  • debug

  • info

  • warning

The engine d1.conf file or in the JSON formatted configuration dialog box.

BindAddress

String

The port on which the engine listens for agent connection requests and communication task responses.

The engine d1.conf file.

EngineURLs

String array

An array of tenant addresses to which the engine tries to connect. If you change the tenant URL, you need to update this parameter.

The engine d1.conf file.

LogFile

String

Path to the d1.log file. If you change the name or location of the d1.log file, you need to update this parameter.

The engine d1.conf file.

engine.allow.data.collection

String

Disables the option to send communication task forms through the engine.

  • false

The engine d1.conf file.