Access Cortex XSOAR's private container registry for docker images.
By default, Cortex XSOAR uses Docker Hub's public container registry. As an alternative to using Docker Hub, you can use the Cortex XSOAR private container registry (XSOAR Registry), which contains all Docker images that Cortex XSOAR uses in integrations and automations. When you use the XSOAR Container Registry, you can avoid limitations that Docker imposes on Docker Hub, for example rate limits. The registry is available at: xsoar-registry.pan.dev
.
The XSOAR Registry requires authentication using the following credentials:
Username: Use the license Customer Name, by going to
→ → .Password: Use the License ID. To obtain the License ID, go to the License file and copy the ID from the
id
property, or run the!GetLicenseID
command, included in the Common Scripts content pack.The License ID starts and ends with the CUID string.
To pull Docker images from the XSOAR Registry, verify the following base URLs are allowed in your firewall/proxy:
https://xsoar-registry.pan.dev
https://storage.googleapis.com
When using a custom Docker registry, including the Cortex XSOAR Container Registry, you must include localhost
when you create a custom Docker image. Examples:
localhost.local/directory/container_name
localhost/directory/container_name
Authenticate to the XSOAR Registry.
For Docker:
sudo -u demisto docker login -u
<license customer name>
-p<license id>
xsoar-registry.pan.devFor Podman (Red Hat 8.x):
sudo su -s /bin/bash - demisto -c 'podman login -u "<license customer name>" -p "<license id>" xsoar-registry.pan.dev'
If you see an error such as
Error saving credentials: mkdir /home/demisto: permission denied
, the demisto user is either missing the home directory or the permissions on the directory are not valid.To verify the home directory assigned to the demisto user, run
echo ~demisto
to display the home directory, such as:/home/demisto
.To ensure the directory exists and has the correct permissions, run the following commands, using the directory from
echo ~demisto
:sudo mkdir -p
/home/demisto
sudo chown -R demisto:demisto
/home/demisto
Test that the XSOAR Registry is properly authenticated.
For Docker:
sudo -u demisto docker pull xsoar-registry.pan.dev/demisto/python3:3.10.4.27798
For Podman (Red Hat 8.x):
sudo su -s /bin/bash - demisto -c 'podman pull xsoar-registry.pan.dev/demisto/python3:3.10.4.27798'
Add a server configuration.
Select
→ → → .Add the following key and value:
Key
Value
python.docker.registry
xsoar-registry.pan.dev
If you are using an engine, apply the same server configuration to the engine machine by adding
{ “python.docker.registry”: “xsoar-registry.pan.dev" }
to the JSON file.
Reset containers by running the following command in the Cortex XSOAR Server Playground:
/reset_containers
Test a Docker based automation or integration. For example, from the Cortex XSOAR Server Playground, run the following command:
!py script="print('test')"
In the Cortex XSOAR Server Playground, verify that Docker images from xsoar-registry.pan.dev have been pulled, by running the following command:
/docker_images
The command
/docker_images
may also display Docker images pulled before enabling the XSOAR Registry or Docker images that were shipped as part of the server installer.
If you need to use external Docker images (images not available in the XSOAR Registry and not part of the demisto org) in custom content, specify the full image name with the registry prefix in the automation or integration configuration. For example:
docker.io/frolvlad/alpine-python2:latest
registry.access.redhat.com/ubi8/python-38:latest
myregistryhost:5000/myorg/myimage:version1.0