Engine Installation - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-12-04
End_of_Life
EoL
Category
Administrator Guide
Abstract

Review system requirements and engine installation types (Shell, DEB, RPM, Zip, Configuration) available for Cortex XSOAR engines.

You can install Cortex XSOAR engines on all Linux and Windows machines. Although Cortex XSOAR engines are intended for Linux operating systems, they can be used on Windows, but Docker on Windows machines must be configured to run Linux containers. Docker/Podman needs to be installed before installing an engine. If you are using the Shell installer for an engine, Docker/Podman is installed automatically.

Engine Hardware Requirements

If your hard drive is partitioned, we recommend a minimum of 50GB for the /var partition for your development environment, and 50GB for the /var partition for your production environment. If you are using RHEL 8.x and Podman, we recommend allocating a minimum of 50GB for the /home partition and 50GB for the /var partition.

Component

Dev Environment Minimum

Production Minimum

CPU

8 CPU cores

16 CPU cores

Memory

16GB RAM

32GB RAM

Storage

100GB

100GB

Note

If using Podman, we recommend reserving 150 GB for container storage, either in the /home partition or a different storage directory that you have set using the rootless_storage_path key. For more information, see Podman Overview.

Operating System Requirements

You can deploy a Cortex XSOAR engine on the following operating systems:

Operating System

Supported Versions

Ubuntu

18.04, 20.04, 22.04

RHEL

8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7

Oracle Linux

7.x

Amazon Linux

2

Note

Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.

Centos 7.x reached End of Life (EOL) on June 30, 2024, and is no longer a supported operating system.

Engine Required URLs

You need to allow the following in the URLs for Cortex XSOAR engines to operate properly.

FUNCTION

SERVICE

PORT

DIRECTION

Integrations

Integration-specific ports

Outbound

Engine connectivity

HTTPS

443 (configurable)

Outbound

Engine Installation Types

Before you install the engine, you need to define the base URL in the Settings page so the engine can communicate with the server. The base URL is the external IP address of your Cortex XSOAR server. If you do not define the base URL, you need to add it to the d1.conf file after you create the engine.

  • Shell: For all Linux deployments. Automatically installs Docker/Podman, downloads Docker/Podman images, enables remote engine upgrade, and allows installation of multiple engines on the same machine.

    The installation file is selected for you. Shell installation supports the purge flag, which by default is false.

  • DEB: For Ubuntu operating systems.

  • RPM: CentOS and RHEL operating systems. If you require a signed RPM file for installation, Install a Signed Engine.

    Note

    Use DEB and RPM installation when shell installation is not available.

  • Zip: Used for Windows machines.

  • Configuration: Configuration file for download. When you install one of the other options, this config file (d1.conf) is installed on the engine machine.

Note

How to Install a Cortex XSOAR Engine

To install an engine, do one of the following: