Cortex XSOAR System Requirements - Installation Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Installation Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-01
Last date published
2024-10-21
End_of_Life
EoL
Category
Installation Guide
Abstract

Cortex XSOAR system requirements - operating system, hardware, Docker/Podman, etc.

Cortex XSOAR server has specific operating system and hardware requirements. The following requirements are for both single server and multi-tenant installations unless otherwise specified.

Note the following:

  • It is recommended that you disable swap (swapoff -a) for consistent performance.

  • It is recommended that you use a dedicated server to run Cortex XSOAR and not run additional programs or software on the machine. If you run additional programs on the machine, performance will be affected.

  • A WebSocket communications protocol is used in Cortex XSOAR for bi-directional data transfer between the client browser and the server. Verify that the Websocket protocol is allowed on your network, including for proxies.

  • Linux kernel 5.2 and specific later versions include a bug that may cause XSOAR to panic on x64 platforms due to corrupted memory. Therefore, make sure if XSOAR is running on kernel version 5.3 and later, one of the following fixed kernel versions is used. You can identify your kernel version by running the uname -a or uname -r command.

    • 5.3.15 and later

    • 5.4.2 and later

    • 5.5 and later

    Note: The version of the Linux kernel you have depends on your Linux distribution.

Operating Systems

You can deploy Cortex XSOAR on the following operating systems and must meet the minimum hardware requirements:

Operating System

Supported Versions

Ubuntu

18.04, 20.04

RHEL

8.0, 8.1, 8.2, 8.3, 8.4, 8.5

Oracle Linux

7.x

Amazon Linux

2

Note

Centos 8.x reached End of Life (EOL) on December 31, 2021, and is no longer a supported operating system.

Centos 7.x reached End of Life (EOL) on June 30, 2024, and is no longer a supported operating system.

Operating System Git

Cortex XSOAR uses git for all version control commands. By default, the Cortex XSOAR installation includes git and the git files are installed at /usr/local/demisto/git/.

You also have the option to use your operating system git. If you are installing Cortex XSOAR for the first time, use the -git false flag during installation to skip the Cortex XSOAR git installation. If you have already installed Cortex XSOAR with git, you can manually delete the Cortex XSOAR git files, located at /usr/local/demisto/git/.

If you do not install Cortex XSOAR git or you delete the Cortex XSOAR git files, Cortex XSOAR will use the default operating system git. The minimum git version must be 2.21.0 or later.

Hardware Requirements

Component

Dev Environment Minimum

Production Minimum

CPU

8 CPU cores

16 CPU cores

Memory

16GB RAM

32GB RAM

Storage

500GB SSD

1TB SSD with minimum 3k dedicated IOPS

If your hard drive is partitioned, we recommend a minimum of 450GB for the /var partition for the development environment, and 900GB for the /var partition for the production environment.

When deploying Cortex XSOAR with the Bolt database, we recommend a limit of 1 million indicators for the development environment and 5-7 million indicators for the production environment. If you will have more indicators, we recommend using Elasticsearch.

Docker/Podman Requirements

Cortex XSOAR requires Docker or Docker for container management. Cortex XSOAR installs either Docker or Podman automatically based on your operating system. IPv4 forwarding is required.Docker Overview

You may need to take additional steps to set up Docker or Podman, depending on your operating system.

Podman, by default, uses the $HOME/.local/share/containers/storage directory, and we recommend reserving 150GB for the /home partition.

Operating System

Action

Oracle Linux

Manually Install Docker.Docker Installation

CentOS v7

You need Mirantis Container Runtime (formerly Docker Engine - Enterprise) or Red Hat's Docker distribution to run specific Docker-dependent integrations and automations. For more information see Install Docker Distribution for Red Hat on Cortex XSOAR.Install Docker Distribution for Red Hat on Cortex XSOAR

Required URLs

You need to allow the following URLs for Cortex XSOAR to operate properly.

Function

Service

Port

Direction

Web interface

HTTPS

443 (configurable)

Inbound

Engine connectivity

HTTPS

443 (configurable)

Inbound

Integrations

Integration-specific ports

Outbound

Docker

  • https://registry-1.docker.io

  • https://registry.fedoraproject.org

  • https://registry.access.redhat.com

  • https://registry.centos.org

  • https://docker.io

  • https://registry.docker.io

  • https://auth.docker.io

    This URL may change according to Docker’s discretion.

  • https://production.cloudflare.docker.com

    This URL may change according to Docker’s discretion.

443

Outbound

Unit42 Intel Inventory (TIM license)

https://unit42intel.xsoar.paloaltonetworks.com

443

Outbound

Marketplace

  • https://marketplace.xsoar.paloaltonetworks.com/

    Download content packs and view the Marketplace (to view content pack images, the domain should also be reachable from the browser).

  • storage.googleapis.com

    Download content packs and view the Marketplace. This domain stores content pack artifacts (to view content pack images, the domain should also be reachable from the browser). It is possible to further limit the URL prefix to: https://storage.googleapis.com/marketplace-dist/

  • api.demisto.com

    Download content packs and view the Marketplace (this file maps the Marketplace URL to the Cortex XSOAR version).

    Note

    You must add marketplace.xsoar.paloaltonetworks.com, storage.googleapis.com, and api.demisto.com otherwise you cannot access the Marketplace.

  • xsoar-authentication-proxy.paloaltonetworks.com

    Login and register users.

  • xsoar-marketplace-review.paloaltonetworks.com

    Review content packs.

  • xsoar-contrib.pan.dev

    Contribute content packs.

443

Outbound

Note

If you use SSL inspection and experience difficulty connecting the the required URLs, or the integration URL, we recommend excluding the required URLs from your SSL offloading on Firewall/Proxy.