Docker Server Configurations - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-09-05
End_of_Life
EoL
Category
Administrator Guide
Abstract

Server configurations for Docker.

Key

Description

Default

api.create.docker.image.base

If you receive an error that you Cannot Create Custom Docker Image, update a Python Docker base image that will not try to reach the disabled sources.

N/a

containers.high.water.mark

Cortex XSOAR uses a Docker image and does not spin more containers. If there are no free containers, a new is one opened. If you see in the docker.log file that there are more than 20 Docker containers for each image, increase the number of containers.

20 containers from each Docker image

docker.cpu.limit

Limit the available CPU for each container.

1.0

docker.custon_certs.dir

If you have configured the certs dir dir in a different location from the Cortex XSOAR lib dir file, you can configure the dir to search for the file: python-ssl-certs.pem by using this server configurations. Use this configuration when you configure Python Docker integrations to trust custom certificates.

N/a

docker.memory.limit

If swap limit capabilities are enabled, in Cortex XSOAR, configure the memory limitation.

1g

docker.run.internal.asuser

Executes containers as non-root internal users. For additional security isolation, we recommend to run Docker with non-root internal users.

false

docker.run.internal.asuser.ignore

A comma-separated list of containers that do not support non-root internal users. For more information, see Run Docker with Non-Root Internal Users.

N/a

js.http.restricted

Comma separated list of IPs/hosts to limit access for JavaScript integrations. For example, value: 169.254.169.254,localhost,127.0.0.1.

N/a

limit.docker.cpu

Whether to limit available CPU. Used with docker.cpu.limit.

true

limit.docker.memory

Whether to limit memory. Used with docker.memory.limit.

true

powershell.docker.image

The Docker image you want to define as the base image. Can be used to change the default PowerShell image in a PowerShell script or integration without a specified Docker image. For example: demisto/powershell:7.1.3.22028.

demisto/powershell

python.docker.image

Sets the default Docker image. You can use a custom Docker image by setting the value for this key to the Docker image. If the Docker image is not available on the system, it will make a request to pull the image from Docker Hub to the server. If this is set, it will use this Docker image as the default Docker image for all integrations or automations that do not explicitly specify a Docker image.

demisto/python

python.docker.registry

The registry you want to point to. For example: myregistry.local:5000. For more information, see Manage Docker Images.

N/a

python.docker.use_custom_certs

Whether to configure Python Docker integrations to trust custom certificates.

false

python.pass.extra.keys

Sets specific Docker image settings. For more information, see:

N/a

python.pass.extra.keys.demisto/boto3py3

Assigns a Docker network used by AWS integration’s Docker container. For more information, see Assign a Docker Network for a Docker Image.

N/a

python.pass.extra.keys.demisto/chromium

Runs integrations that use the demisto/chromium docker image with the Docker network external. For more information, see Block Internal Network Access.

N/a

python.runner.loop.script.path

The Cortex XSOAR Server launches a Python Docker container by running a Python loop script. This configuration overrides the default path to the Python loop script. For more information, see Install a Cortex XSOAR Engine.

N/a

powershell.runner.loop.script.path

The Cortex XSOAR Server launches a Powershell Docker container by running a Powershell loop script. This configuration overrides the default path to the Powershell loop script. For more information, see Install a Cortex XSOAR Engine.

N/a