Overview of how Cortex XSOAR uses Docker for security
Docker is a software framework for building,
running, and managing containers. Cortex XSOAR uses Docker to run
Python scripts, PowerShell scripts, and integrations in a controlled
environment. Integrations run in isolation from the server, which
prevents accidental damage to the server. By packaging libraries
and dependencies together, the environment remains the same and
scripts and integrations are not affected by different server configurations.
Cortex XSOAR maintains a repository of Docker images, available
on Docker Hub under the Cortex XSOAR organization.
You can also access the Docker images through the Cortex XSOAR Container
Registry. For Cortex XSOAR servers without an internet connection,
you can download Docker images to another machine and copy them
to the server.
Each Python/PowerShell script or integration has a specific Docker
image listed in the YAML file. When the script or integration runs,
if the specified Docker image is not available locally, it is downloaded
from Docker Hub or the Cortex XSOAR Container Registry. The
script or integration then runs inside the Docker container.
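For a server without an internet connection, the list of images to copy over can be read from the YAML files themselves. The script below is an added example, not Cortex XSOAR code: it assumes the image reference is stored in a "dockerimage:" key, and the archive and file names passed to it are placeholders.

```shell
#!/bin/sh
# Added example, not Cortex XSOAR code. Assumption: each script or integration
# YAML file names its image in a "dockerimage:" key (name:tag).

# Print the unique image references found in the given YAML files.
list_images() {
    sed -n 's/^[[:space:]]*dockerimage:[[:space:]]*//p' "$@" |
        sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]*$//' |
        grep -v '^$' | sort -u
}

# Succeed only for an explicit tag other than "latest" (or a digest), so the
# copy loaded offline is exactly the image the YAML file asks for.
is_pinned() {
    case "${1##*/}" in          # last path component; a registry host may hold ":port"
        *:latest) return 1 ;;
        *:?*)     return 0 ;;
        *)        return 1 ;;
    esac
}

# Connected machine: pull each pinned image and save them all to one archive.
export_images() {               # usage: export_images ARCHIVE FILE.yml...
    archive=$1; shift
    keep=""
    for img in $(list_images "$@"); do
        if is_pinned "$img"; then
            docker pull "$img" || return 1
            keep="$keep $img"
        else
            echo "skipped, no fixed tag: $img" >&2
        fi
    done
    [ -n "$keep" ] || { echo "no images to export" >&2; return 1; }
    docker save -o "$archive" $keep
}

# Server without internet access: load the archive after copying it over.
import_images() { docker load -i "$1"; }

case "${1:-}" in
    export) shift; export_images "$@" ;;
    import) import_images "$2" ;;
    list)   shift; list_images "$@" ;;
esac
```

Run it with "export ARCHIVE FILE.yml..." on the connected machine and with "import ARCHIVE" on the server; "list FILE.yml..." only prints the image references and does not call Docker.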
When creating an integration in Cortex XSOAR, you are not required
to “pip install” all required packages. The dependencies are part
of a container that “docks” to the server and contains all libraries
needed to run the integration. For more information on development,
see the Docker documentation and Using Docker.