Install a Cortex XSOAR Engine Offline - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Install a Cortex XSOAR Engine offline when you don’t have access to the Internet. Tested on RHEL v8.

Use these instructions when using the Cortex XSOAR installer script for engine installation with no internet connectivity.

You need to download Cortex XSOAR Dependencies for Offline Installation and Docker images on a machine that has internet access, and then transfer them to a machine where you want to install the engine. After installing the engine, install the dependencies and images.

Always verify that your Cortex XSOAR dependencies are updated and take into account that they might change across releases.

  1. On a machine with internet access, do the following:

    1. Download the Dependencies for Offline Installation for your deployment type.

      • (Red Hat or CentOS) Run the following commands:

        sudo yum check update

        sudo yum install <name of the dependency>

        For example, sudo yum install systemd

      • (Ubuntu) Run the following commands:

        sudo apt-get update

        sudo apt-get install <name of the dependency>

        For example, sudo apt-get install systemd

    2. Download the Docker images by appending downloadName=dockerimages to the download link you received from Cortex XSOAR.

      For example:

      wget -O dockerimages.tar ""

    3. Create an engine.

      1. Select SettingsINTEGRATIONSEnginesCreate New Engine.

      2. In the Engine Name field, add a meaningful name for the engine.

      3. Select one of the installer types from the dropdown list.

        For Linux systems it is recommended to use the Shell installer.

      4. (Optional) If you want to add the engine to a load balancing group, from the dropdown list, select the group you want to add.

        The dropdown list only appears after you have created and connected an engine and created a load balancing group. To add the engine to a new group, select Add new group from the dropdown list.

        The engine cannot be used as an individual engine and does not appear when configuring an engine from the dropdown list.

      5. (Optional) (Shell only) Select the checkbox to enable multiple engines to run on the same machine.

        If you have an existing engine, you did not select the checkbox, and you want to install another engine on the same machine, you need to delete the existing engine.

      6. (Optional) Add any required configuration in JSON format.

      7. Click Create New Engine.

  2. On the machine you want to install the engine, do the following:

    1. Transfer the files downloaded in step 1.

    2. Verify that the required dependencies in step 1 are installed successfully by running one of the following commands.

      • (Red Hat or CentOS) repoquery -a --installed

      • (Ubuntu) apt list --installed

    3. Install the engine.

      1. Grant execution permission by running the following command:

        chmod +x /<engine-file-path>

      2. Install the engine by running the following command:

        sudo ./d1-<engine-name>-<XSOAR-version> -- -tools=false -do-not-start-engine=true

        For example, sudo ./ -- -tools=false -do-not-start-engine=true

        If you receive a permissions denied error, it is likely that you do not have permission to access the /tmp directory.

    4. (Red Hat v8 & above) If you have not done so already, install and configure Podman, by following the steps in Migrate From Docker to Podman (from step 2 onwards).

    5. Load the Docker images that you downloaded in step 1, by doing one of the following:

      • (Ubuntu, Red Hat v7 & below, or CentOS v7 & below) Run the following command:

        sudo docker load -i <YOUR_DOCKER_FILE>.tar

      • (Red Hat v8 & above) Do the following:

        1. Ensure that the docker file has demisto:demisto ownership.

        2. Ensure that you are in the root directory (cd /).

        3. Run the following commands:

          sudo -su demisto

          podman load -i <YOUR_DOCKER_FILE>.tar

        4. (Optional) To verify that images are able to run, use the podman images command. You can also run the podman images -q "demisto/python:1.3-alpine" command to validate specific images and identify any issues.

  3. Start the server, by running the following command:

    sudo systemctl start d1


    For multiple engines the d1 service name may differ.

  4. (Optional) After installation has completed, do the following:

    1. Confirm that the Cortex XSOAR engine status is active, by running the systemctl status d1 command.

    2. Validate that the engine is connected and running by going to Settings+INTEGRATIONSEngines.

    3. Run the engine on a sample integration. For example, in the Hello World (Community Contribution) integration set the integration to run on the engine.

    4. Run a simple command to test that the engine is working properly using the integration.