Troubleshoot Docker Networking Issues - Administrator Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Troubleshoot Docker networking issues in Cortex XSOAR. Docker networking stack. Docker containers with host networking. Engines.

In Cortex XSOAR, integrations and automation scripts run either on the server or in a Docker container.

Server-based integrations

Integrations and automation scripts that run on the server include native integrations (part of the server binary) and JavaScript integrations. JavaScript integrations run within the Cortex XSOAR server process using a JS virtual environment. These integrations use the same network IPs as the server.

Docker-based integrations

These include integrations written in Python or Powershell. Docker creates its own networking, thus the integrations are using a different networking stack from the Cortex XSOAR server. The source IPs for these integrations are different and provided according to the Docker networking configuration.

When running integrations or automations that run within Docker containers you might encounter cases that networking fails for these integrations. The following are several examples of error messages that indicate a networking issue:

  • [Errno -2] Name does not resolve

  • [Errno 110] Operation timed out

  • Failed to establish a new connection: [Errno -3] Try again

It is recommended that you use the Docker networking stack because it provides networking isolation and to consult the Docker documentation to resolve Docker networking issues.

If there are issues running Docker's networking stack, you have the option to run Docker containers with the host networking. In this mode, the container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s host name will match the hostname on the host system. To enable host networking, add the following advanced server configuration in Cortex XSOAR:

  • Key: python.pass.extra.keys

  • Value: --network=host

After you add the server configuration, run the /reset_containers command from the Cortex XSOAR CLI to reset all containers and to begin using the new configuration.

For multi-tenant deployments, you need to add this setting to each tenant.

Engines

If you have Docker networking issues when using an engine, you need to modify the d1.conf file.

  1. On the machine where the Engine is installed, open the d1.conf file.

  2. Add to the d1.conf file the following:

    {
    	"LogLevel": "info",
    	"LogFile": "/var/log/demisto/d1.log",
    	"EngineURLs": [
    	"wss://1234.demisto.live/d1ws"
    	],
    	    				    "BindAddress": ":443",
    	"EngineID": "XYZ",
    	"ServerPublic": "ABC"
    	"ArtifactsFolder": "",
    	"TempFolder": "",
    	"python.pass.extra.keys": "--network=host"
    	}
  3. Save the file.

  4. Restart the engine using systemctl restart d1 or service d1 restart.