Learn more about deployment considerations and onboarding steps for Cortex XSOAR.
Before you start your Cortex XSOAR deployment, consider the following:
Do you need Cortex XSOAR to communicate with internal or external applications that may be blocked by a firewall or proxy?
You may need to create an engine to enable communication or for load balancing.
Do you want to deploy a single node (standalone) or a cluster of three or more nodes?
When deciding how many nodes to deploy, consider the following:
Currently, if you deploy a single node (standalone), you cannot switch to a cluster of three or more nodes.
If you deploy a cluster of three or more nodes, coming soon you can implement out-of-the-box high availability (HA) by replicating data between the nodes in the cluster.
Do you need a repository for content development?
Add your private repository to Cortex XSOAR.
The remote repository enables developing and testing content in a development environment before using it in a production environment.
Production and development are separate Kubernetes clusters with no dependency between them. For example, you can deploy a three-node cluster for production and a standalone node for development. Or if you want to implement HA with three nodes for production and for development, you need a total of six nodes, three for production and three for development.
How do you want users to access Cortex XSOAR? Do you need to set up SSO?
Do you need to restrict user roles to certain actions?
How do you want to communicate with users in Cortex XSOAR?
Which mail sender do you use? Do you want to integrate a communication app, such as Slack?
What steps do you currently take in your day-to-day SOC operations? Which integrations will enable you to automate your most important and time consuming procedures?