Best practices for Elasticsearch for Cortex XSOAR single-instance deployments: security guidelines.
Elasticsearch implements its own security features, most of which are free, through X-Pack. Cortex XSOAR recommends that you use these security features to protect
Note: Because Elasticsearch is an external service, the default behavior is no longer secured. It is highly recommended that you enable secure connections to and from Elasticsearch, including secure connections between nodes; otherwise your data can be exposed from outside Cortex XSOAR.
This document provides some guidelines for implementing security
in a single instance deployment using an Elasticsearch database.
Multi-tenant security guidelines are available here.
To connect from Cortex XSOAR to Elasticsearch, use Elasticsearch authentication with either a username and password or an API key, so that communication between Elasticsearch and Cortex XSOAR is authenticated.
You can provide the credentials either in the file under the Elasticsearch branch, or as flags in the Cortex XSOAR installer. The XSOAR configuration file accepts the Elasticsearch password and API key as plain text, tommed or encrypted using the server encryption key. After you start the Cortex XSOAR server, the Elasticsearch credentials are automatically encrypted.
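The following added example (not Cortex XSOAR's own code) shows a small pre-deployment check for the two guidelines above: it audits an Elasticsearch connection setting for a missing TLS scheme or missing credentials, and builds the `Authorization` header Elasticsearch expects for the chosen method (`Basic` for username/password, `ApiKey` for base64 of `id:api_key`). The `EsConnConfig` field names are assumptions for illustration and do not mirror the XSOAR configuration file keys.

```python
import base64
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class EsConnConfig:
    """Hypothetical connection settings for the Elasticsearch backend (field names are assumed)."""
    url: str
    username: str = ""
    password: str = ""
    api_key_id: str = ""
    api_key_secret: str = ""


def audit_es_config(cfg: EsConnConfig) -> list:
    """Return a list of findings; an empty list means the settings meet the guidelines."""
    findings = []
    scheme = urlparse(cfg.url).scheme.lower()
    if scheme != "https":
        findings.append("URL does not use https: traffic and credentials are readable in transit")
    has_basic = bool(cfg.username and cfg.password)
    has_key = bool(cfg.api_key_id and cfg.api_key_secret)
    if not (has_basic or has_key):
        findings.append("no credentials configured: Elasticsearch authentication is not in use")
    if has_basic and has_key:
        findings.append("both username/password and API key are set: configure exactly one")
    return findings


def auth_header(cfg: EsConnConfig) -> dict:
    """Build the Authorization header for the configured Elasticsearch auth method."""
    if cfg.api_key_id and cfg.api_key_secret:
        # Elasticsearch API keys are sent as base64("<id>:<api_key>") with the ApiKey scheme.
        token = base64.b64encode(f"{cfg.api_key_id}:{cfg.api_key_secret}".encode()).decode()
        return {"Authorization": f"ApiKey {token}"}
    if cfg.username and cfg.password:
        token = base64.b64encode(f"{cfg.username}:{cfg.password}".encode()).decode()
        return {"Authorization": f"Basic {token}"}
    raise ValueError("no Elasticsearch credentials configured")


if __name__ == "__main__":
    # Constructed sample settings: an insecure default and a hardened one.
    insecure = EsConnConfig(url="http://es.example.internal:9200")
    hardened = EsConnConfig(url="https://es.example.internal:9200", username="xsoar", password="s3cret")
    for name, cfg in (("insecure", insecure), ("hardened", hardened)):
        print(name, audit_es_config(cfg) or "OK")
```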