Hardware, OS, and required URLs for engines.
You can install engines on all Linux environments. Docker/Podman needs to be installed before installing an engine. If you are using the shell installer for an engine, Docker/Podman is installed automatically.
Note
The Cron package is required for installing engines on a Linux machine.
If your hard drive is partitioned, we recommend a minimum of 50 GB for the /var partition.
Component | Dev Environment Minimum | Production Minimum |
|---|---|---|
CPU | 8 CPU cores | 16 CPU cores |
Memory | 16 GB RAM | 32 GB RAM |
Storage | 100 GB | 100 GB |
You can deploy an engine on the following operating systems:
Operating System | Supported Versions |
|---|---|
Ubuntu | 18.04, 20.04, 22.04, 24.04 |
RHEL | 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 8.10, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5 |
Oracle Linux | 7.x, 8.9, 9.3, 9.4 |
Amazon Linux | 2, Amazon Linux 2023 |
Note
Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.
Centos 7.x reached End of Life (EOL) on June 30, 2024, and is no longer a supported operating system.
You need to allow the following in the URLs for Cortex XSIAM engines to operate properly. The URLs are needed to pull container images from public Docker registries.
The endpoint URL is: wss://api-<tenant domain>.xdr.<region>.paloaltonetworks.com/xsoar/d1ws. For example, wss://api-my-tenant.xdr.us.paloaltonetworks.com/xsoar/d1ws
FUNCTION | SERVICE | PORT | DIRECTION |
|---|---|---|---|
Integrations | Integration-specific ports | Outbound | |
Engine connectivity | HTTPS | 443 (configurable) | Outbound |
Docker |
| 443 | Outbound |