System diagnostics

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2024-10-31
Category: Administrator Guide
Solution: On-prem
Abstract

View errors and take action on the System Diagnostics page for Cortex XSOAR On-prem.

The System Diagnostics page enables you to identify and fix potential issues before they become system-critical. By default, the System Diagnostics page shows trends from the last 24 hours, but you can also select the last hour, 6 hours, 12 hours, 3 days, or 7 days.

Note

Only administrators can view the System Diagnostics page.

Download log bundles

To help with debugging issues, you can download the log bundle by clicking the download log bundle icon in the upper-right corner. The log bundle contains information about the system from the current state up to the past ten days, and it should be included when opening a support ticket.

Nodes

Four widgets present information regarding nodes.

| Node | Description |
| --- | --- |
| Nodes - CPU | Trend graph showing CPU consumption. The trend graph shows an increase as system usage increases. Temporary peaks might correlate with system delays or slowness. We recommend increasing CPU resources when you reach system limits. |
| Nodes - Memory | Trend graph showing memory consumption. The trend graph shows an increase as memory usage increases. Temporary peaks might correlate with system delays or slowness. We recommend increasing memory resources when you reach system limits. |
| Nodes - Storage | Trend graph showing storage usage. The trend graph shows an increase as storage usage increases. Temporary peaks might correlate with system delays or slowness. We recommend increasing storage resources when you reach system limits. |
| Active Nodes Snapshot | Shows a list of all active nodes and their status - Connected or Disconnected. |

Storage Groups

Storage Groups display a graph illustrating storage group utilization. The trend graph shows an increase as storage usage grows. A rapid surge in storage utilization might indicate a change in system usage.

We recommend increasing storage capacity or performing a data cleanup when utilization reaches 80%.

Playbooks in Queue

The Playbooks in Queue widget shows a graph that includes manually and automatically triggered playbooks and displays how many playbooks were waiting in the queue over the displayed period. The playbook queues are designed to manage playbook executions efficiently and prevent system overload. A rapid surge in the graph values might indicate a temporary peak of triggered playbooks, which can cause playbooks to take longer to execute and might slow UI performance.

If the queue count is constantly higher than 0, contact Customer Support to discuss scaling options.

Cortex Connectivity Snapshot

The Connectivity Snapshot shows the connection status between your Cortex XSOAR tenant and the external gateway. If the status is Disconnected, you cannot upgrade Cortex XSOAR, access the Marketplace, or update Docker images.

Components Snapshot

The Components Snapshot shows the status of a Cortex XSOAR component.

Status

Action

Healthy

None

Warning

  • Check cluster health graphs for temporary peaks or high resource utilization.

  • Check storage utilization graphs.

  • If you have recently made changes to your system, verify whether these changes might have impacted system components.

  • Open a support case if you cannot find the source of the issue.

Error

Note

For some components, such as storage, if the system reaches a critical level, Cortex XSOAR will no longer function, and you will not be able to access the System Diagnostics page.

We recommend monitoring system components on an ongoing basis to avoid critical-level issues.

The components include:

| Component | Description |
| --- | --- |
| API | The API request handlers |
| Storage | System storage and files |
| Databases | System databases |
| Telemetry | System telemetry collection |
| Automation layer | Automation resources and components handler |
| Playbook Engines | Task queue and priority handling |
| System Scheduler | System scheduled tasks and prioritization handlers |
| External Gateways | External resource and connection handling |
| System Orchestrators | System initialization |
| Execution Environments | Task execution |