Plan your deployment

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-11-13
Category: Administrator Guide
Solution: On-prem
Abstract: Learn more about deployment considerations and onboarding steps for Cortex XSOAR.

Before you start your Cortex XSOAR deployment, consider the following:

  • Do you need Cortex XSOAR to communicate with internal or external applications that may be blocked by a firewall or proxy?

    You may need to create an engine to enable communication or for load balancing.

  • Do you want to deploy a single node (standalone) or a cluster of three or more nodes?

    When deciding how many nodes to deploy, consider the following:

    • Currently, if you deploy a single node (standalone), you cannot switch to a cluster of three or more nodes.

    • If you deploy a cluster of three or more nodes, you will soon be able to implement out-of-the-box high availability (HA) by replicating data between the nodes in the cluster.

  • Do you need a repository for content development?

    Add your private repository to Cortex XSOAR.

    The remote repository enables developing and testing content in a development environment before using it in a production environment.

    Production and development are separate Kubernetes clusters with no dependency between them. For example, you can deploy a three-node cluster for production and a standalone node for development. Or, if you want to implement HA with three nodes each for production and development, you need a total of six nodes: three for production and three for development.

  • How do you want users to access Cortex XSOAR? Do you need to set up SSO?

  • Do you need to restrict user roles to certain actions?

  • How do you want to communicate with users in Cortex XSOAR?

    Which mail sender do you use? Do you want to integrate a communication app, such as Slack?

  • What steps do you currently take in your day-to-day SOC operations? Which integrations will enable you to automate your most important and time-consuming procedures?