Step 5. Set up a remote repository - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product
Cortex XSOAR
Version
8
Creation date
2024-03-07
Last date published
2024-09-18
Category
Administrator Guide
Solution
Cloud
Abstract

Overview of how remote repositories work and how to configure a remote repository in Cortex XSOAR for a multi-tenant deployment.

In Cortex XSOAR you can use a content management system with a built-in or private content repository (Git-based, including GitHub, GitLab, and Bitbucket) to develop and test content. In the Cortex Gateway, you set up a development tenant from the Main Tenant, which manages content. When the content is ready, you can push the content to the Main Tenant (production tenant).

Note

You can enable this feature only on the Main Tenant. It is not available for child tenants.

In your Main Tenant, you pull the content as you would all other content updates, and push content to your child tenants using selective propagation. For more information, see Content management in multi-tenant.

All content is managed by the development tenant, including custom content and content updates from the Marketplace. The Marketplace is managed only on the development tenant.

In the Cortex Gateway, you need to create a Cortex XSOAR development tenant from your Cortex XSOAR Main Tenant. All content from your Main Tenant (production tenant) is copied to the development tenant. You can use a built-in or private remote repository

Considerations
  • When you activate a tenant and enable the content repository in Cortex Gateway, Cortex XSOAR by default uses the built-in repository. The built-in remote repository requires fewer configurations than using a private remote repository and cannot be accessed directly. If you want to use a private remote repository, you need to configure it when you enable the remote repository in the tenant.

  • For a simple one-branch deployment, we recommend using the built-in repository. If you want to use multiple branches, or if you need access to the content repository outside the Cortex XSOAR platform (for example to implement some scanners) you must use a private repository.

    If you want to use a private remote repository with one or more branches, you need to enable the remote repository in each tenant and then set up all branches in the remote repository configuration page in Cortex XSOAR.

  • If the content repository option is disabled for the production or development tenant, the tenant becomes standalone and does not push or pull content.

  • Activation may take some time. You should receive notification by email that the production or development tenant has completed the activation process.

  • Once the activation completes, you can only change content repository settings within the tenant.

Before you begin
  • If you are changing your remote repository settings, back up existing content to your local computer by navigating to Settings & InfoSettingsSystemServer SettingsCustom Content and click Export all custom content.

  • You must have Instance Administrator or Account Admin permission.

Set up the remote repository

To learn more about remote repositories, requirements, and configuration, see Content management in Cortex XSOAR.

Note

The development tenant cannot be converted to a production tenant. If you turn off the feature in the production tenant, the development tenant becomes inactive.

Once you develop your content, for it to be available as part of a content update for the production tenant, you must push the changes from the development tenant. Go to Settings & InfoSettingsLocal Changes to select the items you want to push. For more information, see Push content from a development tenant.

Note

  • When pushing a content pack to the production tenant, we recommend pushing all of the content for the content pack to work properly.

  • If you have re-ordered your pre-processing rules you must push all of the pre-processing changes to the production tenant.

Cortex XSOAR content updates are only delivered to the development tenant. Content is managed by the development tenant. In a production tenant, you can’t create content (except for dashboards and lists). By managing content in the development tenant, you can decide which updates you want to push to production.

After you push content from the development tenant, you have the option to install the content. In case of conflicts, you have a choice whether to keep local content or delete and replace it. For more information, see Install content on a production tenant.

Caution

If after setting up the content repository feature, you later decide to revert to a standalone tenant, go to Settings & InfoSettingsAdvancedContent Repository and toggle the Content repository slider to off. If you deactivate the content repository feature, content on the development tenant is not deleted. If you turn the content repository feature on again, content from the development machine that has been pushed to the remote repository will override the content on the production machine. We recommend backing up any content on production that you want to keep, before reactivating.