Install Multi-Tenant with Elasticsearch - Installation Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Installation Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-01
Last date published
2024-02-07
End_of_Life
EoL
Category
Installation Guide

Ensure the following:

  • Run all commands as the root user.

  • If you are installing on an Oracle Linux operating system, manually Install Docker.Docker Installation

  • If you are installing on CentOS v7, install Mirantis Container Runtime (formerly Docker Engine - Enterprise) or Red Hat's Docker distribution to run specific Docker-dependent integrations and automations. For more information see Install Docker Distribution for Red Hat on Cortex XSOAR.Install Docker Distribution for Red Hat on Cortex XSOAR

Note

Multi-tenant deployments are only intended for MSSPs and certain enterprise use cases. If you are not an MSSP and want to deploy a multi-tenant environment, you must first consult with the Cortex XSOAR product management team. If you deploy a multi-tenant environment without approval from the product management team, Cortex XSOAR will not support the deployment.

Installation File Structure

For information about the default installation file structure, see Installation File Structure.

Installer Flags

For the list of supported installer flags, see Elasticsearch Installer Flags.

  1. Download the server package you received from Cortex XSOAR support.

    Note

    When you receive a link to download, ensure that the downloadLink link refers to https://download.demisto.com and not https://download.demisto.works.

    For example, wget -O demisto.sh “https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept”

    To download the latest vendor affirmed FIPS version, append &downloadName=fips. For example, wget -O demisto.sh “https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept&downloadName=fips”

  2. Run the chmod +x demisto.sh to make the server package executable.

  3. To install the app server with Elasticsearch, run one of the following commands:

    • If using username and password authentication: sudo ./demisto.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-username=<the elasticsearch user name> -elasticsearch-password=<the elasticsearch password>

    • If using API key authentication: sudo ./demisto.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-api-key=<the elasticsearch API key>

    Flag

    Type

    Description

    -multi-tenant

    String

    Indicates that the installation is for Multi-tenant.

    -elasticsearch-url

    String

    Elasticsearch URL addresses (comma-separated). For example, http://test1:9200,http://test2:9200

    -elasticsearch-api-key

    String

    The Elasticsearch API key, which should be used in licensed versions.

    Note: If you use this flag, you do not need to use the -elasticsearch-username and -elasticsearch-password flags.

    -elasticsearch-username

    String

    The Elasticsearch username. This flag is used with the -elasticsearch-password flag.

    Note: If you use this flag, you do not need to use the -elasticsearch-api-key flag.

    -elasticsearch-password

    String

    The Elasticsearch password. This flag is used with the -elasticsearch-username flag.

    Note: If you use this flag, you do not need to use the -elasticsearch-api-key flag.

    -elasticsearch-proxy

    Boolean

    Whether to use a proxy when communicating with Elasticsearch. Can be true or false. Default is false.

    -elasticsearch-insecure

    Boolean

    Whether to trust any certificate when communicating with Elasticsearch. Can be true or false. Default is true.

    -elasticsearch-timeout

    Integer

    The amount of time (in seconds) before Elasticsearch times out. Default is 20 seconds.