Server Post-Installation Health Check - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-04-08
End_of_Life
EoL
Category
Administrator Guide
Abstract

Run Cortex XSOAR server post-installation health checks. Docker, integrations, commands, playground, reporting, content.

After you install the Cortex XSOAR server, it is recommended that you verify the installation by checking several systems and running several commands.

If you experience issues with any of these health checks, contact the Cortex XSOAR support team.

Check the Docker Sub-system

Run these commands in the playground.

  • /docker_images: Shows either a list of available Docker images or an empty list.

  • !py script="demisto.results('hello world')": Verifies that hello world is returned, not an error.

    If no Docker images were installed, then the !py script="demisto.results('hello world')" command might take several minutes to execute, and might fail the first time it is run. If the command fails, rerun the command after five minutes.

From the CLI, run the sudo docker info command to check for warnings or errors. Not relevant for hosted service users.

Verify Integration Tests

Create an instance of each of the following integrations and test each of these integrations by clicking the Test button in the integration instance.

  • urlscan.io

  • IPinfo v2

  • PhishTank v2

  • OpenPhish v2

  • Rasterize

Also, run !FailedInstances in the playground, to test all configured integrations and check outputs to see that there are no errors returned.

Run Commands in the Playground

We recommend that you run the following commands in the playground.

Command Name

Related Integration

Full Command

Description

url

urlscan.io

PhishTank v2

OpenPhish v2

!url url=https://google.com

Submits a URL to scan.

Checks URL reputation

ip

IPinfo v2

!ip ip=8.8.8.8

Checks the IP reputation (when information is available, returns a JSON with details). Uses all configured Threat Intelligence feeds.

rasterize

Rasterize

  • !rasterize url=https://google.com

  • !rasterize-email htmlBody="<h1>hello world</h1>"

Converts the contents of a URL to an image file or a PDF file.

Converts the body of an email to an image file or a PDF file.

ping

N/a

!Ping address=8.8.8.8

Verifies accessibility of the host from the internet.

Check the Reporting Sub-system

Run any report and verify that the PDF output resolves correctly.

Content

  • Verify that you see automation scripts in the Automations section.

  • Verify that you see playbooks in the Playbooks section.

  • Verify that you see dashboard widgets in the My Dashboards section.

  • Verify you can reach the Marketplace page and view content packs available for download.

  • Download one or more content packs to test that traffic is allowed.