Install an Engine - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-04-17
Last date published
2024-07-17
Category
Administrator Guide
Solution
Cloud
Abstract

Install a Cortex XSOAR engine.

When you install the engine, the d1.conf is installed on the engine machine, which contains engine properties such as proxy, log level, log files, etc. If Docker/Podman is already installed, the python.engine.docker and powershell.engine.docker key is set to true. If Docker or Podman is not available when the engine is installed, the key is set to false. If so, you need to set the key to true. Verify that python.engine.docker and powershell.engine.docker configuration key is present in the d1.conf file.

After you install and deploy an engine, there are several ways that you can Manage Engines.

Before you begin:

If you are using DEB, RPM or Zip installation, install Docker or Podman.

  1. Create an engine.

    1. Select Settings & InfoSettingsIntegrationsEnginesCreate New Engine.

    2. In the Engine Name field, add a meaningful name for the engine.

    3. Select one of the installer types from the dropdown list.

      • Shell

      • DEB

      • RPM

      • Configuration

      Tip

      For Linux systems it is recommended to use the Shell installer. If using Amazon Linux 2, use the Zip installer (see step 4).

    4. (Optional) (Shell only) Select the checkbox to enable multiple engines to run on the same machine.

      If you have an existing engine and did not select the checkbox and you want to install another engine on the same machine, you need to delete the existing engine.

    5. (Optional) Add any required configuration in JSON format.

    6. Click OK.

  2. For Shell installation, do the following:

    1. Move the .sh file to the engine machine using a tool like SSH or PuTTY.

    2. On the engine machine, grant execution permission by running the following command:

      chmod +x <engine-file-path>

    3. Install the engine by typing one of the following commands:

      With tools: sudo ./d1-<engine-name>-<XSOAR-version>-xxxxxxx.sh

      Without tools: sudo ./d1-<engine-name>-<XSOAR-version>-xxxxxxx.sh -- -tools=false

      For example: sudo ./d1-enginename-8.2-250000.sh -- -tools=false

  3. For RPM/DEB installation, do the following:

    1. Move the file to the required machine using a tool like SSH or PuTTY.

    2. Type one of the following installation commands:

      Machine Type

      Install Command

      RHEL (RPM)

      sudo rpm -Uvh d1-2.5_15418-1.x86_64.rpm

      Ubuntu (DEB)

      sudo dpkg --install d1_xxx_amd64.deb

    3. Start the engine by running one of the following commands:

      Machine Type

      Start Command

      RHEL (RPM)

      sudo systemctl start d1

      Ubuntu (DEB)

      sudo service d1 restart

  4. For Zip installation on Amazon Linux 2, run the following commands:

    1. Create the engine folder.

      mkdir /usr/local/demisto

    2. Unzip the engine files to the folder created in the previous step.

      unzip ./d1.zip -d /usr/local/demisto

    3. Allow the process to bind to low numbered ports.

      setcap CAP_NET_BIND_SERVICE=+eip /usr/local/demisto/d1_linux_amd64

    4. Change the owner of /usr/local/demisto to the demisto user.

      chown -R demisto:demisto /usr/local/demisto

    5. In /etc/systemd/system edit the d1.service file las follows (adjust the directory and the name of the binaries file if needed).

       [Unit]
      Description=Demisto Engine Service
      After=network.target
      [Service]
      Type=simple
      User=demisto
      WorkingDirectory=/usr/local/demisto
      ExecStart=/usr/local/demisto/d1_linux_amd64
      EnvironmentFile=/etc/environment
      Restart=always
      [Install]
      WantedBy=multi-user.target
    6. Give the service execution permissions and change the owner to demisto.

      chmod -x d1.service chown demisto:demisto d1.service

    7. Run the engine process.

      systemctl start d1

    8. Verify that the engine is running.

      systemctl status d1

  5. Use an Engine in an Integration.

Note

If the installer fails to start due to a permissions issue, even if running as root, add one of the following two arguments when running the installer:

  • --target <path> - Extracts the installer files into the specified custom path.

  • --keep - Extracts the installer files into the current working directory (without cleaning at the end).

If using installer options such as -- -tools=false, the option should come after the --target or --keep arguments. For example:

sudo ./d1-installer.sh --target /some/temp/dir -- -tools=false

To troubleshoot installation, upgrade, connectivity, or issues with integrations, see Troubleshoot Engines.