System Requirements - FAQs - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR 8 - FAQs
Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-04-24
Category
FAQs
Solution
Cloud
Abstract

Verify that your Cortex XSOAR deployment meets the minimum system requirements.

Cortex XSOAR requires the following hardware, URLs, and bandwidth. Verify you meet all minimum system requirements.

Hardware requirements

Important

If you set your Cortex XSOAR environment as a standalone (single node), you cannot add nodes to it and move to a cluster. If you set your Cortex XSOAR environment starting with three nodes, you can add nodes to it and expand the cluster (see Task 7 in Install Cortex XSOAR on-prem).Install Cortex XSOAR

The Cortex XSOAR tenant has specific minimum VM hardware requirements depending on the scale.

Component

Small scale (standalone - one VM)

Small scale (three VMs)

Medium scale (standalone and three VMs)

Large scale (standalone and three VMs)

CPU

16 CPU cores

8 CPU cores

32 CPU cores

48 CPU cores

Memory

64 GB RAM

32 GB RAM

128 GB RAM

192 GB RAM

Storage

256 GB hard disk plus an additional separate 1 TB* SSD for each instance of a virtual machine you want to deploy (for data)

256 GB hard disk plus an additional separate 512 GB SSD for each instance of a virtual machine you want to deploy (for data)

256 GB hard disk plus an additional separate 1.5 TB* SSD for each instance of a virtual machine you want to deploy (for data)

256 GB hard disk plus an additional separate 2 TB* SSD for each instance of a virtual machine you want to deploy (for data)

*1 TB = 1024 GB

Required ports for Cluster communication

SSH

Relevant for Standalone (one VM) and three VMs (3-node cluster).

Port

Protocol

22

TCP

Control Plane

Relevant for three VMs (3-node cluster).

Name

Port

Protocol

etcd client port

2379

TCP

etcd peer port

2380

TCP

Kubernetes API

6443

TCP

Kubelet API

10250

TCP

kube-scheduler

10257

TCP

kube-controller-manager

10259

TCP

Worker Node

Relevant for three VMs (3-node cluster).

Name

Port

Protocol

kube nodeport range

30000:32767

TCP

Intra-node communication

Relevant for three VMs (3-node cluster).

Name

Port

Protocol

Calico with IPv4 Wireguard

51820

UDP

Required URLs

You need to allow the following URLs for Cortex XSOAR to operate properly.

Function

Service

Port

Direction

Web interface

HTTPS

443 (configurable)

Inbound

Engine connectivity

HTTPS

443 (configurable)

Inbound

Integrations

Integration-specific ports

Outbound

Unit42 Intel Inventory (TIM license)

https://unit42intel.xsoar.paloaltonetworks.com

443

Outbound

Marketplace

  • https://marketplace.xsoar.paloaltonetworks.com/

    Download content packs and view the Marketplace (to view content pack images, the domain should also be reachable from the browser).

  • storage.googleapis.com

    Download content packs and view the Marketplace. This domain stores content pack artifacts (to view content pack images, the domain should also be reachable from the browser). It is possible to further limit the url prefix to: https://storage.googleapis.com/marketplace-dist/

  • api.demisto.com

    Download content Packs and view the Marketplace (this file maps the Marketplace URL to the Cortex XSOAR version).

    Note

    You must add marketplace.xsoar.paloaltonetworks.com, storage.googleapis.com, and api.demisto.com otherwise you cannot access the Marketplace.

  • xsoar-authentication-proxy.paloaltonetworks.com

    Login and register users.

  • xsoar-contrib.pan.dev

    Contribute content packs.

443

Outbound

On-prem Gateway

onpremgw.crtx.[region].paloaltonetworks.com

443

Outbound

Download packages required for installation

debian.org

443

Outbound

Bandwidth requirements

The minimum required download bandwidth is 10Mbit/s. This is required for successful Cortex XSOAR upgrades and Marketplace operations.