Docker Overview - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Overview of how Cortex XSOAR uses Docker for security and predictability.

Docker is a software framework for building, running, and managing containers. Cortex XSOAR uses Docker to run Python scripts, PowerShell scripts, and integrations in a controlled environment. Integrations are run isolated from the server, which prevents accidental damage to the server. By packaging libraries and dependencies together, the environment remains the same and scripts and integrations are not affected by different server configurations.

Cortex XSOAR maintains a repository of Docker images, available in the Docker hub under the Cortex XSOAR organization. You can also access the Docker images through the Cortex XSOAR Container Registry. For Cortex XSOAR servers without an internet connection, you can download Docker images to another machine and copy them to the server.

Each Python/PowerShell script or integration has a specific Docker image listed in the YAML file. When the script or integration runs, if the specified Docker image is not available locally, it is downloaded from the Docker hub or the Cortex XSOAR Container Registry. The script or integration then runs inside the Docker container.

When creating an integration in Cortex XSOAR you are not required to “pip install” all required packages. The dependencies are part of a container that “docks” to the server and contains all libraries needed to run the integration. For more information on development, see the Docker documentation and Using Docker.