Overview of how remote repositories work and how to configure a remote repository in Cortex XSOAR for a multi-tenant deployment.
In Cortex XSOAR you can use a content management system with a private content repository to develop and test content. You set up a development tenant, which manages content. When content is ready, you push the content to a production tenant (main tenant). In your main tenant, you pull the content as you would all other content updates, and push content to your child tenants using selective propagation.
All content is managed by the development tenant, including custom content and content updates from the Marketplace. The Marketplace is managed only in the development tenant.
Note
This feature cannot be configured to work with engines. You can enable this feature only on the main tenant. It is not available for child tenants.
In the Cortex Gateway, you need to create a Cortex XSOAR development tenant from your Cortex XSOAR tenant. All content from your production tenant is copied to the development tenant. A private content repository is automatically created for the development tenant.
In the Cortex XSOAR tenant (not development tenant) you need to change the tenant from Standalone to Prod. For more information about setting up the tenants, see Set Up a Remote Repository.
The production tenant (main account) connects to the development tenant through a private content repository. Only content created after activating the development tenant is transferred to production, as the development tenant is created with the same content as the main tenant (up to the time of activation).
The Development Tenant
The development tenant cannot be converted to a production tenant. If you turn off the feature in the production tenant, the development tenant becomes inactive.
The development tenant supports the following content:
Scripts
Playbooks
Integrations
Classifiers
Mappers
Content packs
Incident fields
Indicator fields
Evidence fields
Incident layouts
Incident types
Pre-processing rules
Indicator types
Reports
Dashboards
Widgets
Note
In the production tenant, it is not possible to edit these content items.
When pushing a content pack to the production tenant, we recommend pushing all of the content for the content pack to work properly.
The built-in content repository is for internal use only. You cannot access this repository directly.
After you develop your content, if you want it to be available as part of a content update for the production tenant, you must Push Content from a Development Tenant.
Note
If you have re-ordered your pre-processing rules you must push all of the pre-processing changes to the production tenant.
The Production Tenant
After pushing content from the development tenant to the remote repository, you need to install content on the production tenant.
Cortex XSOAR content updates are only delivered to the development tenant. Content is managed by the development tenant. In a production tenant you can’t create content (except for dashboards and lists). By managing content in the development tenant, you can decide which updates you want to push to production.
If after setting up the content repository feature, you later decide to revert to a standalone tenant, go to → → → and toggle the Content repository slider to off. If you deactivate the content repository feature, content on the development tenant is not deleted. If you turn the content repository feature on again, content from the development machine that has been pushed to the remote repository will override the content on the production machine. We recommend backing up any content on production that you want to keep, before reactivating.
Push Content from a Development Tenant
Once you develop your content, for it to be available as part of a content update for the production tenant, you must push the changes from the development tenant. Go to → → to select the items you want to push. For more information, see Push Content from a Development Tenant.
Install Content on the Main Tenant (Production Tenant)
After you push content from the development tenant, you have the option to install the content. In case of conflicts, you have a choice whether to keep local content or delete and replace. For more information, see Install Content on a Production Tenant.