End-of-Life (EoL)

Migrate Objects to Elasticsearch for a Distributed Database

Follow these instructions to migrate Cortex XSOAR objects to Elasticsearch for a distributed database environment.
The tool migrates Cortex XSOAR objects to an Elasticsearch database. When you run the tool, the contents of the Cortex XSOAR database are read, and a corresponding object is created in Elasticsearch. The tool is run from the main database machine.
  1. On the app server machine, stop the Cortex XSOAR server.
    • CentOS:
      sudo systemctl stop demisto
    • Ubuntu:
      sudo service demisto stop
  2. On the database node machines, stop the Cortex XSOAR server.
    • CentOS:
      sudo systemctl stop demisto
    • Ubuntu:
      sudo service demisto stop
  3. On the main database machine, stop the Cortex XSOAR service.
    • CentOS:
      sudo systemctl stop demisto
    • Ubuntu:
      sudo service demisto stop
  4. Edit the demisto.conf as needed.
  5. Copy and add the elasticsearch object to each demisto.conf on the app-server and the main database.
  6. From the main database node, run the ./elasticMigrator command with either demisto or sudo permissions.
  7. On the app server machine, add the following flag under the Server section:
    "externalEntities": "audit, indicator"
  8. On the main database machine, start the Cortex XSOAR service.
    • CentOS:
      sudo systemctl start demisto
    • Ubuntu:
      sudo service demisto start
  9. On the database node machines, start the Cortex XSOAR service.
    • CentOS:
      sudo systemctl start demisto
    • Ubuntu:
      sudo service demisto start
  10. On the app server machine, start the Cortex XSOAR service.
    • CentOS:
      sudo systemctl start demisto
    • Ubuntu:
      sudo service demisto start
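
A pre-start check for the demisto.conf edits in steps 5 and 7, added here as an example and not part of the original instructions or the product's tooling. It assumes demisto.conf is JSON with a top-level "Server" section and a top-level "elasticsearch" object; the function name check_conf and the sample file contents (including the url value) are constructed for illustration.

```python
import json

# Constructed sample of an app-server demisto.conf after steps 5 and 7.
# The elasticsearch url is a placeholder, not a setting taken from the page.
SAMPLE_APP_SERVER_CONF = """{
  "Server": {"externalEntities": "audit, indicator"},
  "elasticsearch": {"url": "http://es.example.internal:9200"}
}"""

REQUIRED_ENTITIES = {"audit", "indicator"}  # values from step 7


def check_conf(text, is_app_server):
    """Return a list of problems found in demisto.conf text (empty if none)."""
    # Typographic quotes copied from a web page break the JSON or corrupt a value.
    for ch in "\u201c\u201d\u2018\u2019":
        if ch in text:
            return ["typographic quote U+%04X in file; use ASCII quotes" % ord(ch)]
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: line %d, column %d: %s" % (exc.lineno, exc.colno, exc.msg)]
    if not isinstance(conf, dict):
        return ["top level of the file is not a JSON object"]
    problems = []
    if not isinstance(conf.get("elasticsearch"), dict):
        problems.append("missing elasticsearch object (step 5)")
    if is_app_server:
        server = conf.get("Server")
        value = server.get("externalEntities") if isinstance(server, dict) else None
        if not isinstance(value, str):
            problems.append("missing Server.externalEntities (step 7)")
        else:
            found = {item.strip() for item in value.split(",")}
            missing = sorted(REQUIRED_ENTITIES - found)
            if missing:
                problems.append("externalEntities lacks: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    print(check_conf(SAMPLE_APP_SERVER_CONF, is_app_server=True) or "ok")
```

Run it against the edited file on each machine before starting the service in steps 8 to 10, passing is_app_server=True only on the app server.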
