End-of-Life (EoL)

Upgrade the Cortex XSOAR Server

Upgrading the server including preparation, upgrade and post upgrade steps.
The installer automatically detects the existing configurations and applies them to the upgraded server.
To buy paid content packs or write reviews for content packs in the Marketplace, you need to obtain a new license. For more information, contact customer support.
  1. Prepare the Cortex XSOAR server for upgrade.
    1. Backup the Cortex XSOAR server by taking a snapshot.
    2. Backup your content, by selecting
      Settings
      About
      Troubleshooting
      Export
      .
    3. Disable any external systems that push incidents to Cortex XOAR, such as Splunk, Elasticsearch, etc.
    4. Obtain a list of integrations that are in a failed state, by running the
      !FailedInstances
      in the CLI. This will be useful to compare after upgrade.
    5. If there are backup servers, stop the primary server, and any backup servers by running the following command on each server:
      sudo service demisto stop
      If there are no backup servers, you do not need to run the command as the installer file stops the Cortex XSOAR service before upgrade.
  2. Upgrade the Cortex XSOAR Server.
    1. Download the latest Cortex XSOAR server version by running the following command.
      wget -O demisto.sh "<downloadLink>"
      You can use the original URL that was sent to you when installing Cortex XSOAR by adding
      &downloadName=<version>_latest
      to the URL. For example, for version 6.0, type the following:
      https://download.demisto.works/download-params/?token=xxxxxxx&email=user@paloaltonetworks.com&downloadName=6_0_latest&eula=accept
      If you do not have the original URL, open a Customer Support ticket and select the
      Download Link
      option. The link is then sent automatically.
    2. Run the following command to convert the
      .sh
      file to an executable file.
      chmod +x demisto.sh
    3. Run the installer file.
      sudo ./demisto.sh
      For multi-tenant, type:
      sudo ./demisto.sh -- -multi-tenant
      Cortex XSOAR uses the
      /tmp
      folder for installation. If the folder is blocked by policy, you need to specify a new directory or use
      /var/tmp
      directory by adding the
      -target
      argument to installation before any other flag. For example,
      sudo ./demisto.sh -target /var/tmp --multi-tenant
  3. After the upgrade has finished, take the following steps.
    1. Check all custom content has been migrated.
    2. Confirm that the Cortex XSOAR server status is active, by running the
      systemctl status demisto
      command.
    3. Confirm that the Docker service status is active, by running the
      systemctl status docker
      command.
    4. Check all incidents prior to upgrade appear, and correct any incidents that show a missing playbook or automation.
    5. Run the
      !FailedInstances
      command to compare the results in step 1.4 and fix any failed instances.
    6. Ensure all integrations that were enabled prior to upgrade are available in the CLI/Playbooks.
    7. Enable the external systems which were disabled in step 1.3.
    8. Upgrade any existing engines.
    9. Reattach out of the box Incident types (from Content Packs) to receive content updates.
      After upgrading from version 6.0 to 6.1 and above, all installed incident types are in a Detached state, which means that updates from Content Packs do not affect the incident type configuration. If you want to receive content updates for detached incident types, reattach the incident type.
      When upgrading from version 5.5 to version 6.0 and above, migrate your content to content pack format to ensure that you receive content updates.

Recommended For You