Cortex XSOAR Engines Overview

Understand Cortex XSOAR engine architecture, load balancing groups, installation and configurations.
Cortex XSOAR engines are installed in a remote network and allow communication between the remote network and the Cortex XSOAR server. Although you cannot run scripts, you can run integration commands. It is possible to install a single engine or multiple engines.
You can install multiple engines on the same machine (Shell installation only) which is useful in a dev-prod environment where you do not want to have numerous engines in different environments, and to manage those machines. In a multi-tenant environment, users may want to deploy engines for tenants on the same machine, and you can share an engine between tenants.
You cannot share a multiple engine installation with a single engine installation.
An engine is used for the following purposes:

Engine Proxy

Cortex XSOAR engines enable the Cortex XSOAR server to access internal or external services that are otherwise blocked by a firewall or a proxy, etc. For example, if a firewall blocks external communication and you want to run the Rasterize integration, you need to install an engine to access the Internet.

Engine Architecture

Within the network, you need to allow the engine to access the Cortex XSOAR server's IP address and listening port (by default, TCP 443). The engine always initiates the communication to the server.

Engine Load-Balancing

Engines can be part of a load-balancing group, which enables distribution of the command execution load. The load-balancing group uses an algorithm to efficiently share the workload for integrations that the group is assigned to, thereby speeding up execution time. In general, heavy workloads are caused by playbooks that run a high number of commands.
Before configuring an integration to run using multiple engines in a load-balancing group, it is recommended that you test the integration using a single engine in the load-balancing group.
When you add an engine to a load balancing group, you cannot use that engine separately. The engine does not appear in the engines drop-down menu when configuring an integration instance.
By default, the Cortex XSOAR server is part of the load balancing group. It is recommended that you Remove the Cortex XSOAR Server From the Load-Balancing Group, which increases performance, when there are two or more engines in the load-balancing group, or if you use engines to access integrations that are inaccessible from the Cortex XSOAR server.

Engine Installation and Configuration

You can Install a Cortex XSOAR Engine on Linux and Windows machines. After installing the engine, you can Configure Engines, such as log levels, add/remove servers to a load-balancing group, use as a web proxy, etc. You can also Manage Engines, such as getting logs, add/remove engines, delete engines, remove engines, etc. Before installing, review the system requirements in system-requirements.html#idcb7f1917-7015-494e-8630-9d6a9a343d49_ide1724770-3cce-4116-9bd9-bbeaf313b206.
For Linux machines, you need to install Docker before installing an engine. If you use the Shell installer, Docker is automatically installed.

Recommended For You