Engine requirements - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-05-22
Category
Administrator Guide
Abstract

Hardware, OS, and required URLs for engines.

You can install engines on all Linux machines. Docker/Podman needs to be installed before installing an engine. If you are using the shell installer for an engine, Docker/Podman is installed automatically.

Engine hardware requirements

If your hard drive is partitioned, we recommend a minimum of 50 GB for the /var partition.

Component

Dev Environment Minimum

Production Minimum

CPU

8 CPU cores

16 CPU cores

Memory

16 GB RAM

32 GB RAM

Storage

100 GB

100 GB

Operating system requirements

You can deploy a Cortex XSIAM engine on the following operating systems:

Operating System

Supported Versions

CentOS

7.x

Ubuntu

18.04, 20.04, 22.04

RHEL

8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 9.0, 9.1, 9.2, 9.3

Oracle Linux

7.x

Amazon Linux

2

Note

Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.

Engine required URLs

You need to allow the following in the URLs for Cortex XSIAM engines to operate properly.

The endpoint URL is: wss://api-<tenant domain>.xdr.<region>.paloaltonetworks.com/xsoar/d1ws. For example, wss://api-my-tenant.xdr.us.paloaltonetworks.com/xsoar/d1ws

FUNCTION

SERVICE

PORT

DIRECTION

Integrations

Integration-specific ports

Outbound

Engine connectivity

HTTPS

443 (configurable)

Outbound

Docker

  • https://registry-1.docker.io

  • https://registry.fedoraproject.org

  • https://registry.access.redhat.com

  • https://registry.centos.org

  • https://docker.io

  • https://registry.docker.io

  • https://auth.docker.io

    This URL may change according to Docker’s discretion.

  • https://production.cloudflare.docker.com

    This URL may change according to Docker’s discretion.

443

Outbound