Install Cortex XSOAR with Bolt Database - Installation instructions for standard Cortex XSOAR single server deployments, with the app server and database server on the same machine. - Installation Guide - 6.13 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Installation Guide
Product
Cortex XSOAR
Version
6.13
Creation date
2024-04-15
Last date published
2025-10-27
Category
Installation Guide
Abstract

Installation instructions for standard Cortex XSOAR single server deployments, with the app server and database server on the same machine.

Note

  • If you deploy a signed installer, import the public key to the operating system. The public key is valid for six months.

  • If you are installing on an Oracle Linux operating system, you need to manually Install Docker.Docker Installation

Installation File Structure

The following is the file and folder structure in a standard Cortex XSOAR installation.

By default, Cortex XSOAR is installed in the /root folder, but you can Move Data Folders to Another Location on the Server, if necessary.Move Data Folders to Another Location on the Server

Asset

Path

Binaries

/usr/local/demisto

Data

/var/lib/demisto

Logs

/var/log/demisto

Configuration

/etc/demisto.conf (not created if defaults are selected during installation)

Reports

/tmp/demisto_install.log

Install Log

/tmp/demisto_install.log

If you want to create different mounts for the /var/lib/demisto, /var/lib/docker, and /tmp partitions, it is recommended to allocate the following space to each partition (dependent on the expected amount of data, and the size of your incidents and indicators).

  • /var/lib/demisto: 200 GB (development) 1000 GB (production)

    If using Elasticsearch, see Elasticsearch System Requirements.Elasticsearch System Requirements

  • If using Docker - /var/lib/docker: 70 GB (development) 150 GB (production)

  • If using Podman - /home: 70 GB (development) 150 GB (production)

  • /tmp: 10 GB (development and production)

Prerequisites

Verify the following information and requirements before you install Cortex XSOAR.

  • Your installation meets the system requirements.Cortex XSOAR System Requirements

  • You have root access.

How to install Cortex XSOAR with Bolt Database

  1. Log in to Cortex Gateway.

  2. In the Available for Activation section, use the serial number to locate the tenant to download.

    By default, the Production-Standalone license is selected. You can also select Dev.

    If you want to use a production and a development tenant with a private remote repository, select Dev. If you don't select it now, you can install a development tenant later.

  3. Select Download On Prem.

  4. Click Next.

  5. Under Choose Download Option, select Installer.

  6. Select the checkbox to agree to the terms and conditions of the license and click Download.

    Tip

    In Google Chrome, to download the image and license files together, you may need to set the browser SettingsPrivacy and securitySite settingsAdditional permissionsAutomatic downloads to the default behavior Sites can ask to automatically download multiple files.

    Two files download: the demistoserver-xxxxx.sh installer file and a zipped JSON license file.

    Note

    You can copy the download link button from the Downloads section in your browser to get the token needed for offline installation.

  7. (Optional) If you are deploying Cortex XSOAR using a signed installer (GPG), you need to import the GPG public key that was provided with the signed installer.

    For example, you can use the rpm --import public.key command to import the public key into the local GPG keyring. Note that each operating system has specific requirements.

  8. (Optional) If you are deploying Cortex XSOAR using a signed installer (GPG) you might need to manually install the makeself package by running the yum install makeself command.

  9. Run the chmod +x demisto.sh command to convert the .sh file to an executable file.

  10. Execute the .sh file, by running the following command.

    sudo ./demisto.sh

    Add Installer Flags as required.

  11. Accept the EULA and add the information when prompted.

    1. The Server HTTPS port (default is 443)

    2. Type No when asked if you are connecting to an Elasticsearch database.

    3. Type the name of the Admin user (default is admin).

    4. Type the password (default is admin).

  12. (Optional) After the installation has completed, do the following:

    1. Confirm that the Cortex XSOAR server status is active, by running the systemctl status demisto command.

      If the server is not active, run the systemctl start demisto command to start the server.

    2. Confirm that the Docker service status is active, by running the systemctl status docker command.

    3. In a web browser, go to the https://serverURL:port to verify that Cortex XSOAR was successfully installed.

      When you open Cortex XSOAR for the first time you need to add the license.

Troubleshooting

In some cases, due to moving previous installation files, the installation can fail and the following error message is displayed:

mv: cannot stat '/var/lib/dpkg/info/demistoserver.postrm': No such file or directory
Failed to execute: 'mv': exit status 1

There are two options to resolve this issue:

  • Make a note of the path to the demistoserver.postrm file. Rerun the installation using this path for the -- -prev-uninstall-script flag. Example: -- -prev-uninstall-script="/path/to/demistoserver.postrm"

  • Rerun the installation with the flag -- -use-prev-uninstall-script=true. Note that if you use this flag and have previously created a special ID & group for demisto users, the demisto user and group are deleted and recreated during installation.