Docker Hardening Guide - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

Use the Docker Hardening Guide to configure the Cortex XSOAR settings when running Docker containers.

This guide describes the recommended Cortex XSOAR engine settings for securely running Docker containers. For each engine that you want to apply Docker hardening, you need to edit the engine configuration file to include the Docker hardening parameters.

When editing the configuration file, you can limit container resources, open file descriptors, limit available CPU, etc. For example, add the following keys to the configuration file:

{"": true,"limit.docker.cpu": true,"limit.docker.memory": true,"python.pass.extra.keys": "--pids-limit=256##--ulimit=nofile=1024:8192"}


We recommend reviewing the Docker Network Hardening guide, before changing any parameters in the configuration file.

To securely run Docker containers, it is recommended to use the latest Docker version.

You can Check Docker Hardening Configurations to verify that the Docker container has been hardened according to the recommended settings.

In the configuration file, you can update the following:



Configure Docker Images

Fine tune settings for Docker images according to the Docker image name.

Limit Container Resources

Protects the engine machine from a container using too many system resources.

Limit Available Memory

We recommend limiting available memory for each container to 1 GB.

Limit Available CPU on Your System

It is recommended to limit each container to 1 CPU.

Configure the PIDs Limit

It is recommend limiting each container to 256 PIDs. This value is sufficient for using threads and sub-processes, and protects against a fork bomb.

Configure the Open File Descriptors Limit

It is recommend using a soft/hard limit of 1024/8192 filed descriptors for each container process.


These settings can also be applied to Podman, with the exception of limiting available memory, limiting available CPU, and limiting PIDS.