Validate Additional App Servers - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

After adding additional application servers to a high availability environment, validate each server.

After adding application servers to your high availability deployment, we recommend verifying that each application server has the correct configuration.

  1. Verify the shared file system was created and is owned by demisto user.

    sudo ls -lh /<shared>/var/lib/demisto

    Modify path as needed if you mounted the shared filed system at another location.

    Confirm you see folders for artifacts, images, systemTools, etc.

  2. Verify that the temp folder on the new application server contains folders for tempSystemContent, script directories, etc.

    ls -lh /var/lib/demisto/temp

    Modify path as needed if you choose a different temp folder location.

    Temp folder must be owned by demisto:demisto

  3. Verify that the Cortex XSOAR license file is in the shared file system folder. If not, upload the file.

    Applies only to first application server.

  4. Validate the /etc/demisto.conf files are the same across all application servers.

    Only the AppID and InClusterHostName keys should be different per application server.

  5. Log in to the new Cortex XSOAR app server https://<app server>.

  6. Install the Elasticsearch Monitoring content pack and validate you can view the Elasticsearch Monitoring dashboard to check Elasticsearch indexes for shards, replicas, and cluster status.

    Applies only to first application server.

  7. Go to SettingsAdvancedApp Servers.

    Confirm that two or more application servers are showing online.

  8. Create a new incident and verify you can view the incident across all application servers.