Install, deploy and configure Cortex XSOAR engines.
Before you install the engine, you need to define the base URL in the Settings page so the engine can communicate with the server. The base URL is the external IP address of your Cortex XSOAR server. If you do not define the base URL, you need to add it to the
d1.conf file after you create the engine.
When you install the engine, the
d1.config is installed on the engine machine, which contains engine properties such as proxy, log level, log files, etc. If Docker/Podman is already installed, the
powershell.engine.docker key is set to
true. If Docker or Podman is not available when the engine is installed, the key is set to
false. If so, you need to set the key to
true. Verify that
powershell.engine.docker configuration key is present in the
For engines running on a Windows machine, add the following keys to the
python.runner.loop.script.pathconfiguration key with the path to the
_script_docker_python_loop.pyfile (located in the engine’s installation folder). The path to the
_script_docker_python_loop.pymust be taken from WSL installed on the Windows machine (for example,
/mnt/c/Users/<customer user>/Desktop/<customer engine folder>/_script_docker_python_loop.py).
powershell.runner.loop.script.pathconfiguration key with the WSL path to the
_script_docker_powershell_loop.ps1file (also located in engine’s installation folder).
After you install and deploy an engine, there are several ways that you can Manage Engines. For Linux systems, you can run Python integrations on an engine. Ensure you have Python 2.7 or later installed on the engine machine. Running Python integrations needs to be through Docker.
Define the base URL.
Go to→ → .
From the Server Configuration section, in the Base URL (for D2 Agents and Engines) type the Base URL.
For example, for https://ec2-54-228-48-128.eu-west-1.compute.amazonaws.com/, type
We recommend using the FQDN (fully qualified domain name). If the engine does not have an external address, the IP address can be used instead of the FQDN. For high availability environments or multi-tenant deployments, the FQDN should always be used.
Create an engine.
Select→ → → .
In the Engine Name field, add a meaningful name for the engine.
Select one of the installer types from the dropdown list.
For Linux systems it is recommended to use the Shell installer.
(Optional) (Shell only) Select the checkbox to enable multiple engines to run on the same machine.
If you have an existing engine, you did not select the checkbox, and you want to install another engine on the same machine, you need to delete the existing engine.
(Optional) Add any required configuration in JSON format.
Click Create New Engine.
For Shell installation, do the following:
.shfile to the engine machine using a tool like SSH or PuTTY.
On the engine machine, grant execution permission by running the following command:
chmod +x <engine-file-path>
Install the engine by typing one of the following commands:
sudo ./d1-<engine-name>-<XSOAR-version>-xxxxxxx.sh -- -tools=false
sudo ./d1-engine1-6.6-2458567.sh -- -tools=false
If you receive a
permissions deniederror, it is likely that you do not have permission to access the
For RPM/DEB installation do the following:
Move the file to the required machine using a tool like SSH or PuTTY.
Type one of the following installation commands:
sudo rpm -Uvh d1-2.5_15418-1.x86_64.rpm
sudo dpkg --install d1_xxx_amd64.deb
Start the engine by running one of the following commands:
sudo systemctl start d1
sudo service d1 restart
For zip file installation, do the following.
Move the d1
zipfile to the engine machine using a tool like WinSCP.
Unzip the file and move it to any location you require.
Open the file and run the d1_windows_amd64.exe file.
Every time you want to connect to Cortex XSOAR you need to run the D1 Application file.
(Optional) If you experience performance issues you may need to Configure the Number of Workers for the Server. To troubleshoot installation, upgrade, connectivity, or issues with integrations, see Troubleshoot Cortex XSOAR Engines.