System Requirements - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-12-04
End_of_Life
EoL
Category
Administrator Guide
Abstract

Verify that your Cortex XSOAR deployment meets the minimum system requirements.

Cortex XSOAR requires the following software and hardware. Ensure you meet all minimum system requirements.

A WebSocket communications protocol is used in Cortex XSOAR for bi-directional data transfer between the client browser and the server. Verify that the Websocket protocol is allowed on your network, including for proxies.

Note

Linux kernel 5.2 and specific later versions include a bug that may cause XSOAR to panic on x64 platforms due to corrupted memory. Therefore, make sure if XSOAR is running on kernel version 5.3 and later, one of the following fixed kernel versions is used:

  • 5.3.15 and later

  • 5.4.2 and later

  • 5.5 and later

You can identify your kernel version by running the uname -a or uname -r command.

Cortex XSOAR Server

Cortex XSOAR server has specific operating system and hardware requirements.

Tip

  • It is recommended that you disable swap for consistent performance.

  • It is recommended that you use a dedicated server to run Cortex XSOAR and not run additional programs or software on the machine. If you run additional programs on the machine, performance will be affected.

Operating Systems

You can deploy Cortex XSOAR on the following operating systems and must meet the minimum hardware requirements:

Operating System

Supported Versions

Ubuntu

18.04, 20.04

RHEL

8.0, 8.1, 8.2, 8.3, 8.4, 8.5

Oracle Linux

7.x

Amazon Linux

2

Note

Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.

Centos 7.x reached End of Life (EOL) on June 30, 2024, and is no longer a supported operating system.

Operating System Git

Cortex XSOAR uses git for all version control commands. By default, the Cortex XSOAR installation includes git and the git files are installed at /usr/local/demisto/git/.

You also have the option to use your operating system git. If you are installing Cortex XSOAR for the first time, use the -git false flag during installation to skip the Cortex XSOAR git installation. If you have already installed Cortex XSOAR with git, you can manually delete the Cortex XSOAR git files, located at /usr/local/demisto/git/.

If you do not install Cortex XSOAR git or you delete the Cortex XSOAR git files, Cortex XSOAR will use the default operating system git. The minimum git version must be 2.21.0 or later.

Hardware Requirements

Component

Dev Environment Minimum

Production Minimum

CPU

8 CPU cores

16 CPU cores

Memory

16GB RAM

32GB RAM

Storage

500GB SSD

1TB SSD with minimum 3k dedicated IOPS

If your hard drive is partitioned, we recommend a minimum of 450GB for the /var partition for the development environment, and 900GB for the /var partition for the production environment.

When deploying Cortex XSOAR with BoltDB, we recommend a limit of 1 million indicators for the development environment and 5-7 million indicators for the production environment. If you will have more indicators, we recommend using Elasticsearch.

Docker/Podman Requirements

Cortex XSOAR requires Docker or Podman for container management. Cortex XSOAR installs either Docker or Podman automatically based on your operating system. IPv4 forwarding is required.

You may need to take additional steps to set up Docker or Podman, depending on your operating system.

Podman, by default, uses the $HOME/.local/share/containers/storage directory, and we recommend reserving 150GB for the /home partition.

Operating System

Action

Oracle Linux

Manually install Docker.

CentOS v7

You need Mirantis Container Runtime (formerly Docker Engine - Enterprise) or Red Hat's Docker distribution to run specific Docker-dependent integrations and automations. For more information see Install Docker Distribution for Red Hat on Cortex XSOAR.

Web Browsers

Cortex XSOAR supports the following web browsers:

Web Browser

Version

Chrome

95.x and later

Firefox

93.x and later

Safari

13.x and later

Microsoft Edge

Latest version

It is always recommended to use the latest browser versions.

Required URLs

You need to allow the following URLs for Cortex XSOAR to operate properly.

Function

Service

Port

Direction

Web interface

HTTPS

443 (configurable)

Inbound

Engine connectivity

HTTPS

443 (configurable)

Inbound

Integrations

Integration-specific ports

Outbound

Docker

  • https://registry-1.docker.io

  • https://registry.fedoraproject.org

  • https://registry.access.redhat.com

  • https://registry.centos.org

  • https://docker.io

  • https://registry.docker.io

  • https://auth.docker.io

    This URL may change according to Docker’s discretion.

  • https://production.cloudflare.docker.com

    This URL may change according to Docker’s discretion.

443

Outbound

Unit42 Intel Inventory (TIM license)

https://unit42intel.xsoar.paloaltonetworks.com

443

Outbound

Marketplace

  • https://marketplace.xsoar.paloaltonetworks.com/

    Download content packs and view the Marketplace (to view content Pack images, the domain should also be reachable from the browser).

  • storage.googleapis.com

    Download content packs and view the Marketplace. This domain stores content pack artifacts (to view content pack images, the domain should also be reachable from the browser). It is possible to further limit the url prefix to: https://storage.googleapis.com/marketplace-dist/

  • api.demisto.com

    Download content packs and view the Marketplace (this file maps the Marketplace URL to the Cortex XSOAR version).

    Note

    You must add marketplace.xsoar.paloaltonetworks.com, storage.googleapis.com, and api.demisto.com otherwise you cannot access the Marketplace.

  • xsoar-authentication-proxy.paloaltonetworks.com

    Login and register users.

  • xsoar-marketplace-review.paloaltonetworks.com

    Review content packs.

  • xsoar-contrib.pan.dev

    Contribute content packs.

443

Outbound

Note

If you use SSL inspection and experience difficulty connecting the the required URLs, or the integration URL, we recommend excluding the required URLs from your SSL offloading on Firewall/Proxy.