Perform validation checks after migration for a Cortex XSOAR Elasticsearch deployment, including high availability.
Perform the following validation checks after migration. For High Availability deployments, perform them on each application server, where applicable.
Log in to the Cortex XSOAR server using both of these methods:
  Log in using the configured authentication method that was previously used with BoltDB (e.g. SAML or AD Auth).
  Log in using the default Administrator account.
Install the Elasticsearch Monitoring Pack to check indexes in Elasticsearch for shards, replicas, and cluster status. Add the Elasticsearch monitoring dashboard after pack installation.
) - Perform only on first app
) - Validate application servers
are online by navigating to
Validate integration settings by viewing
filtering for enabled integrations.
Validate that content such as Playbooks and Automations is available, via their respective menus in the UI.
Create a new incident, and validate the following:
  New incident ID should be newer than the previous Incident ID in the system. If the new Incident ID is not newer, this could mean data was not migrated in the correct order, leading to data integrity issues. If data was not migrated in order from oldest to newest, you might need to perform the migration again.
  Playbooks run successfully.
Open migrated incidents and indicators to verify they were migrated correctly.
Query for historical incidents, for example, the last six months. Open older incidents and review Work Plan and War Room.
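
The shard, replica, and cluster status check from the Elasticsearch step above can also be run against the output of Elasticsearch's own REST API (GET /_cluster/health and GET /_cat/indices?format=json). The following is an added example, not part of the original page or of the Elasticsearch Monitoring Pack; the sample responses and index names are constructed, and the min_replicas threshold is an assumption to adjust to your deployment.

```python
import json

# Constructed sample responses in the shape returned by Elasticsearch's
# GET /_cluster/health and GET /_cat/indices?format=json.
# Cluster and index names are placeholders, not real Cortex XSOAR index names.
SAMPLE_HEALTH = json.loads("""
{"cluster_name": "example-cluster", "status": "yellow", "number_of_nodes": 3,
 "active_primary_shards": 3, "active_shards": 4, "unassigned_shards": 1}
""")
SAMPLE_INDICES = json.loads("""
[{"health": "green", "status": "open", "index": "example-incidents", "pri": "1", "rep": "1", "docs.count": "5120"},
 {"health": "yellow", "status": "open", "index": "example-indicators", "pri": "1", "rep": "1", "docs.count": "90311"},
 {"health": "green", "status": "open", "index": "example-entries", "pri": "1", "rep": "0", "docs.count": "0"}]
""")


def check_cluster(health, indices, min_replicas=1):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # "yellow" means all primaries are assigned but at least one replica is not;
    # "red" means at least one primary shard is unassigned.
    if health["status"] != "green":
        findings.append(f"cluster status is {health['status']}")
    if health["unassigned_shards"] > 0:
        findings.append(f"{health['unassigned_shards']} unassigned shard(s)")
    for idx in indices:
        name = idx["index"]
        if idx["health"] != "green":
            findings.append(f"{name}: index health is {idx['health']}")
        if idx["status"] != "open":
            findings.append(f"{name}: index is {idx['status']}")
        # _cat/indices returns counts as strings, so convert before comparing.
        if int(idx["rep"]) < min_replicas:
            findings.append(f"{name}: {idx['rep']} replica(s), expected at least {min_replicas}")
        if int(idx.get("docs.count") or 0) == 0:
            findings.append(f"{name}: no documents; confirm that is expected after migration")
    return findings


if __name__ == "__main__":
    for finding in check_cluster(SAMPLE_HEALTH, SAMPLE_INDICES):
        print("FINDING:", finding)
```

An index with zero replicas has no redundant copy of its data, so it can report green while still being a single point of failure in a high availability deployment.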