In Cortex XSOAR you can set a default FIPS compliant password policy in the Password Policy tab. Any changes in the Password Policy override any password changes made in the server configuration settings.
Go to→ → .
In the Enable Password Policy section, select On.
Add the password requirements, as necessary.
The 0 value disables the settings.
When selecting unlock choose one of the following options to unlock the user’s account:
By Admin only: only administrators can manually unlock user accounts.
Automatically: users can unlock themselves after a specified period of time.
Locked out users cannot use API keys. Cortex XSOAR has a delay mechanism for multiple failed logins. However, unlike the lockout mechanism, this system is not suitable for preventing automated brute-force attacks. It is useful for preventing accidental lockouts.