Create a Password Policy - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Create a FIPS compliant password policy in Cortex XSOAR.

In Cortex XSOAR you can set a default FIPS compliant password policy in the Password Policy tab. Any changes in the Password Policy override any password changes made in the server configuration settings.

  1. Go to SettingsUSERS AND ROLESPassword Policy.

  2. In the Enable Password Policy section, select On.

  3. Add the password requirements, as necessary.

    The 0 value disables the settings.

  4. When selecting unlock choose one of the following options to unlock the user’s account:

    • By Admin only: only administrators can manually unlock user accounts.

    • Automatically: users can unlock themselves after a specified period of time.

    Locked out users cannot use API keys. Cortex XSOAR has a delay mechanism for multiple failed logins. However, unlike the lockout mechanism, this system is not suitable for preventing automated brute-force attacks. It is useful for preventing accidental lockouts.

  5. Click Save.