Cortex XSOAR architecture - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-11-28
Category: Administrator Guide
Solution: On-prem
Abstract

Describes the XSOAR On-prem architecture.

The following diagram describes the high-level architecture for Cortex XSOAR:

[Diagram: xsoar-arch-opp.png]

Cortex XSOAR installation is implemented by your IT team or Cortex XSOAR administrators. Cortex XSOAR uses the following:

  • Relational store using MySQL

  • Cache and synchronization using Redis

  • Data warehousing using Elasticsearch

Cortex XSOAR is provided as a Kubernetes cluster: a set of nodes (VMs) that run containerized applications, which package Cortex XSOAR with its dependencies and some necessary services. You decide how many nodes (VMs) to include in the cluster when running the Administrative tool. You can choose between a standalone environment (one or two nodes) and a multi-node cluster (three or more nodes).

Playbooks are executed on dedicated and isolated workers, and workloads do not share compute resources.