Elasticsearch Server Configurations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.9
Creation date: 2022-09-29
Last date published: 2024-04-08
End_of_Life: EoL
Category: Administrator Guide
Abstract: Server configurations for Elasticsearch.

| Key | Description | Default |
| --- | --- | --- |
| `elasticsearch.replicas.<common-indicator>` | Sets the number of replica shards for an index upon creation, where `<common-indicator>` is the name of the index. The value of the replica shards and shards should match the total sum of Elasticsearch nodes. For more information, see General Configurations. | 1 |
| `elasticsearch.shards.<common-indicator>` | Sets the number of shards for an index upon creation, where `<common-indicator>` is the name of the index. The value of the replica shards and shards should match the total sum of Elasticsearch nodes. For more information, see General Configurations. | 1 |
| `Security.elasticsearch.account` | (Multi-tenant) Enables security features in Elasticsearch. Change to false to override and disable security. | true |
| `Security.elasticsearch.apikey` | (Multi-tenant) If there is no API key on the main/host configuration, you can create an API key for a tenant. | true |
| `server.large.html.unsearchable` | Set to false to make HTML fields searchable in the UI. By default, indexing for HTML fields is disabled to limit memory consumption. | true |
| `server.large.markdown.unsearchable` | Set to false to make Markdown fields searchable in the UI. By default, indexing for Markdown fields is disabled to limit memory consumption. | true |
| `server.text.max.characters` | For both Bolt DB and Elasticsearch, indexing of HTML, Markdown, and long text fields is limited to 30,000 characters by default. If large fields are detected, only the first 30,000 characters are searchable. Increasing this value may have a detrimental effect on performance. | 30000 |