List of files and folders created during the multi-tenant installation. Instructions for installing a Cortex XSOAR multi-tenant with Elasticsearch.
Ensure the following:
Run all commands as the root user.
If you are installing on an Oracle Linux operating system, manually Install Docker.
If you are installing on CentOS v7, install Mirantis Container Runtime (formerly Docker Engine - Enterprise) or Red Hat's Docker distribution to run specific Docker-dependent integrations and automations. For more information see Install Docker Distribution for Red Hat on Cortex XSOAR.
Note
Multi-tenant deployments are only intended for MSSPs and certain enterprise use cases. If you are not an MSSP and want to deploy a multi-tenant environment, you must first consult with the Cortex XSOAR product management team. If you deploy a multi-tenant environment without approval from the product management team, Cortex XSOAR will not support the deployment.
Installation File Structure
For information about the default installation file structure, see Installation File Structure.
Installer Flags
For the list of supported installer flags, see Elasticsearch Installer Flags.
Download the server package you received from Cortex XSOAR support.
Note
When you receive a link to download, ensure that the
downloadLink
link refers tohttps://download.demisto.com
and nothttps://download.demisto.works
.For example,
wget -O demisto.sh “https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept”
To download the latest vendor affirmed FIPS version, append
&downloadName=fips
. For example,wget -O demisto.sh “https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept&downloadName=fips”
Run the
chmod +x demisto.sh
to make the server package executable.To install the app server with Elasticsearch, run one of the following commands:
If using username and password authentication:
sudo ./demisto.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-username=<the elasticsearch user name> -elasticsearch-password=<the elasticsearch password>
If using API key authentication:
sudo ./demisto.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-api-key=<the elasticsearch API key>
Flag
Type
Description
-multi-tenant
String
Indicates that the installation is for Multi-tenant.
-elasticsearch-url
String
Elasticsearch URL addresses (comma-separated). For example,
http://test1:9200,http://test2:9200
-elasticsearch-api-key
String
The Elasticsearch API key, which should be used in licensed versions.
Note: If you use this flag, you do not need to use the
-elasticsearch-username
and-elasticsearch-password
flags.-elasticsearch-username
String
The Elasticsearch username. This flag is used with the
-elasticsearch-password
flag.Note: If you use this flag, you do not need to use the
-elasticsearch-api-key
flag.-elasticsearch-password
String
The Elasticsearch password. This flag is used with the
-elasticsearch-username
flag.Note: If you use this flag, you do not need to use the
-elasticsearch-api-key
flag.-elasticsearch-proxy
Boolean
Whether to use a proxy when communicating with Elasticsearch. Can be
true
orfalse
. Default isfalse
.-elasticsearch-insecure
Boolean
Whether to trust any certificate when communicating with Elasticsearch. Can be
true
orfalse
. Default istrue
.-elasticsearch-timeout
Integer
The amount of time (in seconds) before Elasticsearch times out. Default is 20 seconds.