Engines Use Case - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-04-11
Category
Administrator Guide
Solution
Cloud
Abstract

Understand Cortex XSOAR engine architecture, load balancing groups, installation and configurations.

An engine is used for the following purposes:

Engines require Docker or Podman for container management. The engine installs either Docker or Podman automatically based on your operating system. IPv4 forwarding is required. In some cases, you may need to manually install and configure Docker or Podman. For more information, see Docker or Podman.

Engine Proxy

Cortex XSOAR engines enable the Cortex XSOAR tenant to access internal or external services that are otherwise blocked by a firewall or a proxy, etc. For example, if a firewall blocks external communication and you want to run the Rasterize integration, you need to install an engine to access the Internet.

Engine Architecture
engine_architecture.png

Within the network, you need to allow the engine to access the Cortex XSOAR tenant’s IP address and listening port (TCP 443). The engine always initiates the communication to the Cortex XSOAR tenant.

Engine Load-Balancing

Engines can be part of a load-balancing group, which enables distribution of the command execution load. The load-balancing group uses an algorithm to efficiently share the workload for integrations that the group is assigned to, thereby speeding up execution time.

Before configuring an integration to run using multiple engines in a load-balancing group, it is recommended that you test the integration using a single engine in the load-balancing group.

load-balance.png

Note

When you add an engine to a load balancing group, you cannot use that engine separately. The engine does not appear in the engines drop-down menu when configuring an integration instance.