Create a Password Policy - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.6
Creation date: 2022-09-29
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Create a FIPS-compliant password policy in Cortex XSOAR.

In Cortex XSOAR, you can set a default FIPS-compliant password policy in the Password Policy tab. Any changes made in the Password Policy tab override any password changes made in the server configuration settings.

  1. Go to Settings > USERS AND ROLES > Password Policy.

  2. In the Enable Password Policy section, select On.

  3. Add the password requirements, as necessary.

    A value of 0 disables the corresponding setting.

  4. When selecting unlock, choose one of the following options to unlock the user’s account:

    • By Admin only: only administrators can manually unlock user accounts.

    • Automatically: users can unlock themselves after a specified period of time.

    Locked-out users cannot use API keys. Cortex XSOAR has a delay mechanism for multiple failed logins. However, unlike the lockout mechanism, this system is not suitable for preventing automated brute-force attacks. It is useful for preventing accidental lockouts.

  5. Click Save.