Set up a private remote repository

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-11-28
Category: Administrator Guide
Solution: On-prem

Abstract: Set up the private content repository feature.

When you set up a remote repository, you can add any private content repository that is Git-based, including GitHub, GitLab, and Bitbucket. On-prem repositories are also supported.

Although you can set up multiple development tenants, in a cluster of tenants that includes one production tenant and one or more development tenants, only one development tenant can push content. The production tenant and any other development tenants pull from the one development tenant that is configured to push content. After the remote repository is enabled in the production tenant, by default, the first development tenant that has been installed is set to push content to the remote repository. When you create additional development tenants, they are set to pull content from the remote repository.

If the content repository option is disabled for the production or development tenant, the tenant becomes standalone and does not push or pull content.

Once the development tenant is set up, you can only change content repository settings within the tenant.

Use case scenarios for a private remote repository

The following are typical scenarios for setting up a private remote repository for the production and one or more development tenants.

  • New development tenant and new or existing production tenant

    The production tenant is first activated as a standalone (by default), and the private remote repository is then enabled in the production tenant. Once enabled, the first development tenant becomes the push tenant, the production tenant becomes a pull tenant, and any additional tenants need to be set as pull tenants.

  • Existing development and production tenants

    The production and development tenants were managed in parallel with different sets of content.

Before you begin

  • Verify that you have network connectivity from Cortex XSOAR to the private remote repository. All communication goes through Cortex XSOAR, so it must have access to the remote repository. If direct access from Cortex XSOAR is not enabled, you can use engines with access to the repository.

  • If you are changing your remote repository settings, back up existing content to your local computer by navigating to Settings & Info → Settings → System → Server Settings → Custom Content and clicking Export all custom content.

  • You must have Instance Administrator or Account Admin permission.

  • Download and install the development image file. For more information, see Step 3. Set up a remote repository.

How to set up a private remote repository

Perform the following procedures in the order listed below to set up a private remote repository.

Note

When the first tenant (development or production) is enabled for the remote repository, the content from that tenant automatically populates the repository. When you first enable additional tenants (development or production) to the same remote repository, you will see the Specified repository is not empty window and have the option to use the content in the remote repository or replace the content with content from the new tenant.

These instructions describe enabling the production tenant first, so the remote repository will initially contain production tenant content. You can enable a development tenant first if you want the remote repository to initially contain the content from the development tenant.

  1. On the production tenant, go to Settings & Info → Settings → Advanced → Content Repository and toggle the Content repository slider to enable the content repository.

    When set to On, the sync direction is Pull.

    The Repository type is Private.

  2. Define the Git settings using HTTPS or SSH.

    • For repository vendors that use tokens, enter the token type in the username field and the token in the password field. Verify details with your vendor.

      If your private Git remote repository uses personal access tokens instead of usernames and passwords, enter the token type in the username field and the access token in the password field. For example, if you use an OAuth2 token, enter oauth2 in the username field.

      For GitHub, enter your username in the username field.

    • If using SSH, only RSA private keys are supported. If your SSH connection uses a port other than port 22 (the default SSH port), you must include the SSH string and port number in the Repository URL field. In the following example, we use port 20017:

      ssh://git@content.demisto.com:20017/~/my-project.git

  3. Select the active branch on which you will be working.

  4. In the Advanced section, the engine is set by default. You can change the engine by selecting from the list of available engines.

    Note

    You can't add an engine that has been added to a Load-Balancing Group.

  5. Save the settings.

Once enabled, the first development tenant automatically becomes the push tenant.

  1. On the development tenant, go to Settings & Info → Settings → Advanced → Content Repository and toggle the Content repository slider to enable the content repository.

    When set to On, the sync direction for the development tenant is Push. Set the sync direction for any additional development tenants to Pull.

    The Repository type is Private.

  2. Define the GitHub settings using HTTPS or SSH.

    • If your private Git remote repository uses personal access tokens instead of usernames and passwords, enter the access token in the password field and leave the username field blank.

    • For repository vendors that use tokens, the token type is entered in the username field and the token is entered in the password field. Verify details with your vendor.

    • If using SSH, only RSA private keys are supported. If your SSH connection uses a port other than port 22 (the default SSH port), you must include the SSH string and port number in the Repository URL field. In the following example, we use port 20017:

      ssh://git@content.demisto.com:20017/~/my-project.git

  3. Select the active branch on which you will be working.

  4. (Optional) In the Advanced section, you can add any engines you want to connect.

  5. Save the settings.

  6. For any additional tenants that are enabled for the remote repository, select which content to keep and which to overwrite.

    After the first tenant is enabled for the remote repository, its content automatically populates the remote repository (which in this example initially contains the production tenant content after it is enabled).

    The Specified repository is not empty window opens. Options are:

    • Existing content on your tenant: Keeps the existing content on your tenant and replaces the content on the specified repository. Cortex XSOAR checks if any other tenants are using the remote repository. If yes, this option is disabled. In this example, the remote repository was already enabled in the production tenant, so the remote repository holds production content. If you want to keep the content on the development tenant:

      1. Disable the remote repository in any additional enabled tenants. In this case, for the first development tenant, only the production tenant must be disabled.

      2. Select Existing content on your tenant for this tenant.

      3. Complete synchronization.

      4. Re-enable the remote repository in any additional tenants and select Existing content on the specified repository in each additional tenant.

    • Existing content on the specified repository: Deletes the existing content on your tenant and replaces it with content from the specified repository.

  7. Click Continue.

After completion, all tenants are now synced. You can start creating and testing content on the development tenant that you can push to production and additional development tenants when ready.
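
A pre-flight check for the SSH requirements in step 2, as an added example that is not part of the Cortex XSOAR documentation or product: `ssh_repo_url` rewrites an scp-style remote into the `ssh://` form that can carry a non-default port (a home-relative path becomes `/~/`, as in the example URL above), and `private_key_algorithm` reads the key type from a private key file's unencrypted header so you can confirm it is RSA before entering it. The function names are hypothetical, and because the page does not say which private key file formats are accepted, only the algorithm is checked.

```python
import base64
import re
import struct
from urllib.parse import urlsplit

SCP_STYLE = re.compile(r"^(?:(?P<user>[^@/\s]+)@)?(?P<host>[^:/@\s]+):(?P<path>\S+)$")
MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key container

def ssh_repo_url(remote, port=None):
    """Return the Repository URL value for an SSH remote reached on `port`."""
    if "://" in remote:
        parts = urlsplit(remote)
        if parts.scheme != "ssh" or not parts.hostname:
            raise ValueError(f"not an SSH remote: {remote!r}")
        user, host, path = parts.username, parts.hostname, parts.path
        port = port or parts.port or 22
    else:
        m = SCP_STYLE.match(remote)
        if not m:
            raise ValueError(f"not an SSH remote: {remote!r}")
        if (port or 22) == 22:
            return remote  # scp-style is fine on the default port
        user, host, path = m["user"], m["host"], m["path"]
        path = path if path.startswith("/") else "/~/" + path  # relative to home dir
    netloc = (f"{user}@" if user else "") + host + (f":{port}" if port != 22 else "")
    return f"ssh://{netloc}{path}"

def read_string(buf, pos):  # one uint32-length-prefixed SSH string
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def private_key_algorithm(key_text):
    """Return 'ssh-rsa', 'ssh-ed25519', ... or 'unknown' without decrypting the key."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", key_text, re.S)
    if not m:
        return "unknown"
    label, body = m.groups()
    if label != "OPENSSH PRIVATE KEY":  # legacy PEM; PKCS#8 would need ASN.1 parsing
        return "ssh-rsa" if label == "RSA PRIVATE KEY" else "unknown"
    blob = base64.b64decode("".join(body.split()))
    if not blob.startswith(MAGIC):
        return "unknown"
    pos = len(MAGIC)
    for _ in range(3):  # skip ciphername, kdfname, kdfoptions
        pos = read_string(blob, pos)[1]
    public_blob, _ = read_string(blob, pos + 4)  # + 4 skips the key count
    return read_string(public_blob, 0)[0].decode("ascii", "replace")

if __name__ == "__main__":  # constructed input: scp-style form of the page's example
    print(ssh_repo_url("git@content.demisto.com:my-project.git", port=20017))
```

A key is suitable for the SSH option only when `private_key_algorithm` returns `ssh-rsa`; any other value, including `unknown`, should be resolved before you save the settings.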