Step 2. Set up an engine - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2024-11-28
Category
Administrator Guide
Solution
On-prem
Abstract

Set up a Cortex XSOAR engine on a remote machine.

Engines are installed on a remote machine and used mainly for the following:

  • Integration instances for on-prem applications. For example, the GitLab v2 integration enables you to run commands on GitLab instances.

  • Execute scripts and commands that require access to on-prem resources. For example, the Active Directory v2 integration enables you to run commands in Active Directory.

  • Generic Indicator export service. In Cortex XSOAR, you can configure an EDL to share a list of Cortex XSOAR indicators with other products in your network, such as a firewall or SIEM. For example, your Palo Alto Networks firewall can add IP address and domain data from the EDL to block or allow lists.

  • Load balancing which enables the distribution of the command execution load.

  1. Review the engine requirements. For more information, see Engine requirements.Engine requirements

  2. Install an engine. For more information, see Install an engine.

    If you want to install an air-gapped engine, see Engine air gap installation.

To learn more about engines, requirements, and installation, see Engines.