Install Cortex XSOAR Offline

Cortex XSOAR Installation Guide

Product: Cortex XSOAR
Version: 6.8
Creation date: 2022-09-02
Last date published: 2024-02-04
End_of_Life: EoL
Category: Installation Guide

Use these instructions when using the Cortex XSOAR installer script for installation with no internet connectivity.

You need to download Cortex XSOAR dependencies and Docker images on a machine that has internet access, and then transfer them to the machine where you want to install Cortex XSOAR. After installing the dependencies and images, install the Cortex XSOAR server. For the list of required packages, see Dependencies for Offline Installation.

Always verify that your Cortex XSOAR dependencies are updated and take into account that they might change across releases.

Note

  • There are different steps for different operating systems.

  • Docker/Podman is used to run Python scripts in an isolated container.

  • After installation, you need to Add a License.

For information about the default installation file structure, see Installation File Structure.

  1. On a machine with internet access, do the following:

    1. Download the required dependencies for your deployment type.

      • (Red Hat and CentOS) Run the following commands:

        sudo yum check-update

        sudo yum install <name of the dependency>

        For example, sudo yum install systemd

      • (Ubuntu and Debian) Run the following commands:

        sudo apt-get update

        sudo apt-get install <name of the dependency>

        For example, sudo apt-get install systemd

      Note

      If you need to download dependencies on Ubuntu, you can also use the command apt-get download.

      If using Podman:

      • To archive a single Docker image, run:

        podman save -o docker_images.tar <docker-image-1>

      • To archive multiple Docker images, run:

        podman save --multi-image-archive -o docker_images.tar <docker-image-1> <docker-image-2>

    2. Download the Docker images by appending downloadName=dockerimages to the download link you received from Cortex XSOAR.

      For example, wget -O dockerimages.tar "https://download.demisto.com/download-params?token=xxxxxxx&email=user@paloaltonetworks.com&downloadName=dockerimages&eula=accept"

      Note

      The Docker images file is approximately 75 GB.

    3. Download Cortex XSOAR (if not already installed).

      Note

      When you receive a link to download, ensure that the downloadLink link refers to https://download.demisto.com and not https://download.demisto.works.

      For example, wget -O demisto.sh "https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept"

      To download the latest vendor affirmed FIPS version, append &downloadName=fips. For example, wget -O demisto.sh "https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept&downloadName=fips"

  2. On the machine where you want to install Cortex XSOAR, do the following:

    1. Transfer the files downloaded in Step 1.

    2. Verify that the required dependencies in Step 1.a are installed successfully by running one of the following commands.

      • (Red Hat and CentOS) repoquery -a --installed

      • (Ubuntu and Debian) apt list --installed

  3. Install Cortex XSOAR, by running one of the following commands:

    • (CentOS) sudo ./demisto.sh -- -tools=false -do-not-start-server=true -C

    • (Red Hat, Ubuntu, or Debian) sudo ./demisto.sh -- -tools=false -do-not-start-server=true

  4. (Red Hat v8 & above) Install and configure Podman, by following the steps in Migrate From Docker to Podman (from step 2 onwards).

    For other OS versions, you need to install Docker.

  5. Load the Docker images that you downloaded in Step 1.b, by doing one of the following:

    • (Ubuntu, Debian, Red Hat v7 & below, or CentOS v7 & below) Run the following command:

      sudo docker load -i <YOUR_DOCKER_FILE>.tar

    • (Red Hat v8 & above) Do the following:

      1. Ensure that the docker file has demisto:demisto ownership.

      2. Ensure that you are in the root directory (cd /).

      3. Run the following commands:

        sudo -su demisto

        podman load -i <YOUR_DOCKER_FILE>.tar

      4. (Optional) To verify that images are able to run, use the podman images command. You can also run the podman images -q "demisto/python:1.3-alpine" command to validate specific images and identify any issues.

  6. Start the server, by running the following command:

    sudo systemctl start demisto

  7. (Optional) After installation has completed, do the following:

    1. Confirm that the Cortex XSOAR server status is active, by running the systemctl status demisto command.

    2. (Ubuntu, Debian, Red Hat v7 & below, or CentOS v7 & below) Confirm that the Docker service status is active, by running the systemctl status docker command.

    3. In a web browser, go to https://serverURL:port to verify that Cortex XSOAR was successfully installed.

      When you open Cortex XSOAR for the first time you need to add the license.

Troubleshoot Offline Installation

If you receive the following message, ensure you use a version of Podman that supports archives with multiple images.

Error: error pulling "": unable to pull dir:./xsoar_docker_images.tar: error determining pull goal for image "dir:./xsoar_docker_images.tar": error parsing dest reference name "localhost/./xsoar_docker_images.tar": error parsing named reference "localhost/./xsoar_docker_images.tar": invalid reference format

Dependencies for Offline Installation
Abstract

Dependencies required when installing Cortex XSOAR with no internet connection for CentOS, Red Hat, Ubuntu and Debian operating systems.

You need to install the following dependencies when installing Cortex XSOAR offline.

RPM Dependencies

The following dependencies are required for Red Hat and CentOS deployments.

  • systemd

  • xmlsec1

  • xmlsec1-openssl

  • rpm-build

  • libcap

  • dnf-utils

  • file

  • fontconfig

  • expat

  • libpng

  • freetype

  • git

  • makeself

(Red Hat v8 & above) You also need to install Podman by running the following commands:

  • sudo yum -y install slirp4netns fuse-overlayfs

  • sudo yum -y module install container-tools

Debian Dependencies

The following dependencies are required for Debian and Ubuntu deployments.

  • systemd

  • xmlsec1

  • rpm

  • libcap2-bin

  • file

  • libfontconfig1

  • libexpat1

  • libfreetype6

  • git

  • makeself
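
The verification in step 2.b can be run against the two package lists above instead of reading the full installed-package listing by eye. This is an added example, not part of the Cortex XSOAR documentation or installer; the script name check_deps.sh and all function names are assumptions, and it covers only the RPM and Debian package lists, not the Podman or Docker packages.

```shell
#!/bin/sh
# Added example: report which of the guide's offline-install dependencies are missing.

# Package lists copied from "RPM Dependencies" and "Debian Dependencies" on this page.
RPM_DEPS="systemd xmlsec1 xmlsec1-openssl rpm-build libcap dnf-utils file fontconfig expat libpng freetype git makeself"
DEB_DEPS="systemd xmlsec1 rpm libcap2-bin file libfontconfig1 libexpat1 libfreetype6 git makeself"

# Exact-name queries; each returns 0 only when the package is installed.
rpm_installed() { rpm -q "$1" >/dev/null 2>&1; }
deb_installed() {
  # One Status line per architecture; a removed-but-not-purged package
  # reports "deinstall ok config-files" and is treated as missing.
  dpkg-query -W -f='${Status}\n' "$1" 2>/dev/null | grep -q '^install ok installed$'
}

# missing_deps <query-function> <pkg>...: print the packages the query rejects.
missing_deps() {
  local query="$1" pkg missing=""
  shift
  for pkg in "$@"; do
    "$query" "$pkg" || missing="$missing $pkg"
  done
  echo "${missing# }"
}

# check_host <rpm|deb>: return 0 when nothing is missing, 1 otherwise, 2 on bad usage.
check_host() {
  local missing
  case "$1" in
    # The lists are left unquoted on purpose so they split into one word per package.
    rpm) missing=$(missing_deps rpm_installed $RPM_DEPS) ;;
    deb) missing=$(missing_deps deb_installed $DEB_DEPS) ;;
    *)   echo "usage: check_host rpm|deb" >&2; return 2 ;;
  esac
  if [ -n "$missing" ]; then
    echo "missing: $missing" >&2
    return 1
  fi
  echo "all listed dependencies are installed"
}

# Runs only when a package family is given, e.g.: ./check_deps.sh deb
if [ $# -gt 0 ]; then check_host "$1"; fi
```

Run it on the offline target before starting the installer in step 3, so a package that did not survive the transfer is caught before the installer runs.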