End-of-Life (EoL)

Install Cortex XSOAR for a Single Server Deployment

These installation instructions are intended for standard Cortex XSOAR deployments.
In a standard Cortex XSOAR deployment, the app server and database server are installed on the same machine.
If you are deploying a signed installer:
  • You need to import the public key to the operating system. The public key is valid for six months.
  • If you are using engines or hosts in a multi-tenant environment, you need to install
Installation File Structure
This is the file and folder structure in a standard Cortex XSOAR installation.
By default, Cortex XSOAR is installed in the
folder, but you can change the default folder, if necessary.
(will not be created if defaults are selected during installation)
Install Log
If you want to create different mounts for the
, and
partitions, it is recommended to allocate the following space to each partition (dependent on the expected amount of data, and the size of your incidents and indicators).
  • /var/lib/demisto
    : 200 GB (development) 1000 GB (production)
  • /var/lib/docker
    : 70 GB (development) 150 GB (production)
  • /tmp
    : 10 GB (development and production)
Verify the following information and requirements before you install Cortex XSOAR.
  • Your deployment meets the minimum system requirements.
  • You have root access.
  • If installing on Oracle Linux you need to manually Install Docker.
  • For CentOS 8.x, you must install the
    package using the following command:
    sudo yum install -y tar
Cortex XSOAR requires Docker or Podman for container management. Cortex XSOAR installs either Docker or Podman automatically, based on your operating system.
  1. Download Cortex XSOAR from the link that you received from Cortex XSOAR Support by running the following command.
    wget -O demisto.sh “
    For example,
    wget -O demisto.sh “https://download.demisto.com/download-params?token=xabcedef&email=user@paloaltonetworks.com&eula=accept”
  2. (Optional)
    If you are deploying Cortex XSOAR using a signed installer (GPG), you need to import the GPG public key that was provided with the signed installer.
    For example, you can use the
    rpm --import public.key
    command to import the public key into the local GPG keyring. Note that each operating system has specific requirements.
  3. (Optional)
    If you are deploying Cortex XSOAR using a signed installer (GPG) you might need to manually install the
    package by running the
    yum install makeself
  4. Run the
    chmod +x demisto.sh
    command to convert the
    file to an executable file.
  5. Execute the
    file by running the following command.
    sudo ./demisto.sh
  6. Accept the EULA and add the information when prompted.
    1. The Server HTTPS port (default is 443)
    2. Type the name of the Admin user (default is admin).
    3. Type the password (default is admin).
  7. (
    After the installation has completed, do the following:
    1. Confirm that the Cortex XSOAR server status is active, by running the
      systemctl status demisto
      If the server is not active, run the
      systemctl start demisto
      command to start the server.
    2. Confirm that the Docker service status is active, by running the
      systemctl status docker
    3. In a web browser, go to the
      to verify that Cortex XSOAR was successfully installed.
      When you open Cortex XSOAR for the first time you need to add the license.

Recommended For You