Learn how to install Cortex XSOAR On-prem, including system requirements, and adding a license.
To install a Cortex XSOAR 8 tenant, you need to log into Cortex Gateway, which is a portal for downloading the relevant image file and license. If you have multiple or development tenants, you must repeat this task for each tenant.
Before you begin
Create a Customer Support Portal (CSP) account.
You need to set up your CSP account. For more information, see How to Create Your CSP User Account.
When you create a CSP account you can set up two-factor authentication (2FA) to log into the CSP, by using an Email, Okta Verfiy, or Google Authenticator (non-FedRAMP accounts). For more information, see How to Enable a Third Party IdP.
Verify you have one of the following roles assigned:
Role
Details
CSP role
The Super User role is assigned to your CSP account. The user who creates the CSP account is granted the Super User role.
Cortex role
You must have the Account Admin role.
If you are the first user to access Cortex Gateway with the CSP Super User role, you are automatically granted Account Admin permissions for the Cortex Gateway. You can also add Account Admin users in Cortex Gateway if required.
Plan whether to install a standalone or a cluster.
Cortex XSOAR supports a single node (standalone) or a three-node cluster deployment. A two-node configuration is not supported.
Cluster installation is suitable for production environments involving large-scale data, and offers scalability and High Availability. Standalone is more suitable for small-scale data scenarios. For more information, see Installation overview.
Review the System Requirements for installation.
Have a basic understanding of how to deploy OVA or VHD file formats.
Add DNS records that point the following host names to the cluster IP address.
FQDN
Details
Cluster FQDN
The Cortex XSOAR DNS name for accessing the UI. For example,
xsoar.mycompany.com.API-FQDN
The Cortex XSOAR DNS name that is mapped to the API IP address. For example,
api-xsoar.mycompany.com.ext-FQDN
The Cortex XSOAR DNS name that is mapped to the external IP address. For example,
ext-xsoar.mycompany.com.
From the Cortex Gateway, in the Available for Activation section, use the serial number to locate the tenant to download.
Click Download On Prem.
If you want to use a production and development tenant with a private remote repository, select Dev.
If you don't select it now, you can install a development tenant at a later stage.
Download one of the following image files.
OVA: Supported by VMWare, AWS, and OCI.
VHD: Supported by Microsoft Hyper-V.
You can deploy a single node (standalone) or a cluster (three nodes).
Depending on the image file and the platform you want to deploy on, do one of the following:
Important
In the textual UI menu, when you reach the Cluster Installation stage, select Enterprise in the Installation Mode field. You must select this mode when installing production or development tenants.
After installation, add the Cortex XSOAR license.
You have two licenses for each environment when you download the image file. Each must be uploaded separately to the respective tenant.
Go to → .
In the Upload License section, drag and drop your license file.
The license file is in JSON format.
For more information, see Add the Cortex XSOAR license.
Optionally perform post-installation maintenance, including scaling up hardware resources and using your own X.509 certificate for a secure HTTP connection.
If you selected Dev, on the development tenant, do the following:
Install the image file you downloaded in step 4.
Note
You are not restricted to using the platform installed on the production tenant. For example, if you have downloaded an OVA file and installed the VM on AWS in the production tenant, you can install the VM on OCI in the development tenant.
Add the Cortex XSOAR license.
For more information about setting up a remote repository, see Set up a private remote repository.
For more information, see Cortex XSOAR Installation.