1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Administrator’s Guide
    5. Single Server Deployment
    6. Install Cortex XSOAR with Elasticsearch
    End-of-Life (EoL)

    Install Cortex XSOAR with Elasticsearch

    Verify the following information and requirements before you install Cortex XSOAR with Elasticsearch.
    • Your deployment meets the minimum system requirements.
    • You have root access.
    • Elasticsearch 7.x is installed. Elasticsearch should not be installed on the same server as Cortex XSOAR.
    • The production server has Python 2.7 or 3.x.
    Elasticsearch is a distributed, open source search and analytics engine for all types of data. It enables processing and storing large amounts of data. In this version of Cortex XSOAR, indicators and audits are stored in Elasticsearch while other objects are stored in the Cortex XSOAR’s Bolt DB.
    The following diagram depicts a Cortex XSOAR environment with Elasticsearch.
    The following provides instructions for installing a new Cortex XSOAR environment with Elasticsearch.
    1. Download the server package from the link you received from Cortex XSOAR Support.
      demistoserver.xxxx.sh
    2. (Optional)
       If you are deploying Cortex XSOAR using a signed installer (GPG), you need to import the GPG public key that was provided with the signed installer.
      For example, you can use the
      rpm --import public.key
       command to import the public key into the local GPG keyring. Note that each operating system has specific requirements.
    3. (Optional)
       If you are deploying Cortex XSOAR using a signed installer (GPG) you might need to manually install the
      makeself
       package by running the
      yum install makeself
       command.
    4. Run the
      chmod +x demistoserver-xxxx.sh
       command to convert the
      .sh
       file to an executable file.
    5. To install the app server with Elasticsearch, run one of the following commands:
      • If using username and password authentication:
        sudo ./demistoserver-X.sh -- -elasticsearch-url=<elastic search url address> -elasticsearch-username=<the elasticsearch user name> -elasticsearch-password=<the elasticsearch password>
      • If using API key authentication:
        sudo ./demistoserver-X.sh-- -elasticsearch-url=<elastic search url address> -elasticsearch-api-key=<the elasticsearch API key>
      Flag
      Type
      Description
      -elasticsearch-url
      String
      Elasticsearch URL addresses (comma-separated). For example,
      http://test1:9200,http://test2:9200
      -elasticsearch-api-key
      String
      The Elasticsearch API key, which should be used in licensed versions.
      Note:
      If you use this flag, you do not need to use the
      -elasticsearch-username
       and
      -elasticsearch-password
       flags.
      -elasticsearch-username
      String
      The Elasticsearch username. This flag is used with the
      -elasticsearch-password
       flag.
      Note:
      If you use this flag, you do not need to use the
      -elasticsearch-url
       flag.
      -elasticsearch-password
      String
      The Elasticsearch password. This flag is used with the
      -elasticsearch-username
       flag.
      Note:
      If you use this flag, you do not need to use the
      -elasticsearch-url
       flag.
      -elasticsearch-proxy
      Boolean
      Whether to use a proxy when communicating with Elasticsearch. Can be
      true
       or
      false
      . Default is
      false
      .
      -elasticsearch-insecure
      Boolean
      Whether to trust any certificate when communicating with Elasticsearch. Can be
      true
       or
      false
      . Default is
      true
      .
      -elasticsearch-timeout
      Integer
      The amount of time (in seconds) before Elasticsearch times out. Default is 20 seconds.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo