Install Cortex XSOAR for a multi-tenant deployment using an Elasticsearch database. Installer flags for multi-tenant deployment with Elasticsearch.
Ensure you run all commands as the root user.
The following files and folders are created during the multi-tenant installation.
File/Folder | Path |
---|---|
Binaries |
|
Data |
|
Logs |
|
Configuration |
|
Download the server package you received from Cortex XSOAR support.
Note: When you receive a link to download, ensure that the downloadLink link points to https://download.demisto.com and not https://download.demisto.works. For example:
wget -O demisto.sh "https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept"
To download the latest vendor affirmed FIPS version, append &downloadName=fips. For example:
wget -O demisto.sh "https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept&downloadName=fips"
Run chmod +x demisto.sh to make the server package executable.
To install the app server with Elasticsearch, run one of the following commands:
If using username and password authentication:
sudo ./demisto.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-username=<the elasticsearch user name> -elasticsearch-password=<the elasticsearch password>
If using API key authentication:
sudo ./demisto.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-api-key=<the elasticsearch API key>
Flag | Type | Description |
---|---|---|
-multi-tenant | String | Indicates that the installation is for a Multi-tenant deployment. |
-elasticsearch-url | String | Elasticsearch URL addresses (comma-separated). For example, http://test1:9200,http://test2:9200 |
-elasticsearch-api-key | String | The Elasticsearch API key, which should be used in licensed versions. Note: If you use this flag, you do not need to use the -elasticsearch-username and -elasticsearch-password flags. |
-elasticsearch-username | String | The Elasticsearch username. This flag is used with the -elasticsearch-password flag. Note: If you use this flag, you do not need to use the -elasticsearch-api-key flag. |
-elasticsearch-password | String | The Elasticsearch password. This flag is used with the -elasticsearch-username flag. Note: If you use this flag, you do not need to use the -elasticsearch-api-key flag. |
-elasticsearch-proxy | Boolean | Whether to use a proxy when communicating with Elasticsearch. Can be true or false. Default is false. |
-elasticsearch-insecure | Boolean | Whether to trust any certificate when communicating with Elasticsearch. Can be true or false. Default is true. |
-elasticsearch-timeout | Integer | The amount of time (in seconds) before Elasticsearch times out. Default is 20 seconds. |
To continue with a high availability configuration, you must install an additional app server.
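The checks below are an added example, not part of the Cortex XSOAR documentation: a shell pre-flight for the download-link note and the -elasticsearch-url flag described above. The function names and sample links are constructed for illustration, and treating a non-https Elasticsearch URL as a finding is this example's assumption, not a documented installer requirement.

```shell
#!/bin/sh
# Added example: pre-flight checks for the values passed to the installer.

# Succeed only for an https URL whose host is exactly download.demisto.com.
check_download_link() {
    case $1 in
        https://*) rest=${1#https://} ;;
        *) return 1 ;;                    # plain http or another scheme
    esac
    authority=${rest%%[/?#]*}             # cut at the first /, ? or #
    case $authority in
        *@*) return 1 ;;                  # userinfo form: trusted-name@other-host
    esac
    host=${authority%%:*}                 # drop an optional :port
    [ "$host" = "download.demisto.com" ]  # exact, case-sensitive (fails closed)
}

# Print every entry of a comma-separated -elasticsearch-url value that is not
# https (credentials or the API key would cross the network in cleartext).
# Returns 0 when all entries are https.
plaintext_es_urls() {
    list=$1
    bad=0
    while [ -n "$list" ]; do
        u=${list%%,*}
        case $list in
            *,*) list=${list#*,} ;;
            *) list= ;;
        esac
        case $u in
            https://*) ;;
            *) printf '%s\n' "$u"; bad=1 ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample links; the token is a placeholder.
for link in \
    "https://download.demisto.com/download-params?token=PLACEHOLDER&eula=accept" \
    "https://download.demisto.works/download-params?token=PLACEHOLDER&eula=accept" \
    "https://download.demisto.com.example.net/download-params?token=PLACEHOLDER"
do
    if check_download_link "$link"; then echo "ok:     $link"; else echo "reject: $link"; fi
done
```

Call check_download_link on the link before passing it to wget, and plaintext_es_urls on the value intended for -elasticsearch-url before running the installer.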