Set up Broker VM on Microsoft Azure - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-15
Category: Administrator Guide
Abstract

Learn how to set up your Cortex XSIAM Broker virtual machine (VM) on Microsoft Azure.

After you download your Cortex XSIAM Broker VHD (Azure) image, you need to upload it to Azure as a storage blob.

Danger

Download a Cortex XSIAM Broker VM VHD (Azure) image. For more information, see the virtual machine compatibility requirements in Set up and configure Broker VM.

Perform the following procedures in the order listed below.

Make sure you extract the zipped hard disk file on a server that has more than 512 GB of free space.

Note

Extraction can take up to a few hours.

Upload from Microsoft Windows or Ubuntu.

  1. In the Azure home page, navigate to Azure services > Disks and Add a new disk.

  2. Navigate to the Create a managed disk > Basics page, and define the following information:

  3. Check your settings by clicking Review + create.

  1. Create your Broker VM disk, and after deployment is complete, click Go to resource.

  2. In your created Disks page, click Create VM.

  3. In the Create a virtual machine page, define the following:

  4. To check your settings, click Review + create.

  5. Create your VM.

    After deployment is complete, click Go to resource. You are directed to your VM page.

    Note

    Creating the VM can take up to 15 minutes. The Broker VM Web UI is not accessible during this time.

  6. Ensure that the VM you created contains an Outbound port rule that allows the broker to reach the Azure Instance Metadata Service using the IP address 169.254.169.254 and port 80. For more information about the Azure Instance Metadata Service, see the Azure Documentation.

    To configure an outbound rule on your VM, select Networking > Network settings, and under the Rules > Outbound port rules section, you can either:

    Note

    For more information on creating a rule in an Azure VM, see Create a Security Rule in the Azure Documentation.

    • Configure a new outbound port rule by selecting Create port rule > Outbound port rule and setting the following settings in the Add outbound security rule dialog box:

      • Destination: Select IP Addresses.

      • Destination IP addresses/CIDR ranges: Enter the IP address as 169.254.169.254.

      • Destination port ranges: Enter the port as 80.

      • Protocol: Select TCP.

      • Name: Enter a unique name for this new outbound port rule, such as AzureInstanceMetadataService.

      Click Add to create the new outbound port rule.

    • Edit an existing outbound port rule and ensure that the settings provided above for creating a new outbound port rule match what is already configured in the rule.
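One way to confirm step 6 from an exported rule list, as an added example that is not part of the Cortex XSIAM documentation: NSG rules are evaluated in ascending priority and the first match decides, so an allow rule for 169.254.169.254 port 80 has no effect when a broader deny rule carries a lower priority number. The rule dictionaries assume the field names of `az network nsg rule list` JSON output; the two sample rule sets are constructed, and source prefixes and service tags are not evaluated.

```python
import ipaddress

IMDS_IP, IMDS_PORT = "169.254.169.254", 80  # destination from step 6

def _prefix_matches(prefix, ip):
    """True if an NSG address prefix ('*', an IP, or a CIDR range) covers ip.
    Service tags such as 'Internet' are treated as non-matching (assumption)."""
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False

def _port_matches(spec, port):
    """True if a port spec ('*', '80', or '1024-2048') covers port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _values(rule, single, plural):
    """A rule holds either one value or a list; return whichever is set."""
    return [v for v in [rule.get(single)] + list(rule.get(plural) or []) if v]

def imds_decision(rules, ip=IMDS_IP, port=IMDS_PORT):
    """Return (access, rule name) of the first outbound rule, in priority
    order, matching TCP traffic to ip:port, or (None, None) if none match."""
    outbound = [r for r in rules if r["direction"].lower() == "outbound"]
    for r in sorted(outbound, key=lambda r: r["priority"]):
        if r["protocol"].lower() not in ("tcp", "*"):
            continue
        dests = _values(r, "destinationAddressPrefix", "destinationAddressPrefixes")
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        if any(_prefix_matches(d, ip) for d in dests) and \
           any(_port_matches(p, port) for p in ports):
            return r["access"], r["name"]
    return None, None

def _rule(name, priority, access, protocol, dest, port):
    return {"name": name, "priority": priority, "direction": "Outbound", "access": access,
            "protocol": protocol, "destinationAddressPrefix": dest, "destinationPortRange": port}

# Constructed samples: same two rules, only the priorities differ.
SAMPLE_OK = [_rule("AzureInstanceMetadataService", 100, "Allow", "Tcp", IMDS_IP, "80"),
             _rule("DenyAllOutbound", 200, "Deny", "*", "*", "*")]
SAMPLE_SHADOWED = [_rule("AzureInstanceMetadataService", 300, "Allow", "Tcp", IMDS_IP, "80"),
                   _rule("DenyAllOutbound", 200, "Deny", "*", "*", "*")]

if __name__ == "__main__":
    for label, rules in (("ok", SAMPLE_OK), ("shadowed", SAMPLE_SHADOWED)):
        print(label, imds_decision(rules))
```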