Install Cortex XSOAR for a Single Server Deployment
Installation instructions for standard Cortex XSOAR single server deployments, with the app server and database server on the same machine. Minimum requirements.
In a standard Cortex XSOAR deployment, the app server and database server are installed on the same machine.
If you are deploying a signed installer:
- You need to import the public key to the operating system. The public key is valid for six months.
- If you are using engines or hosts in a multi-tenant environment, you need to installmakeself.
Installation File Structure
This is the file and folder structure in a standard Cortex XSOAR installation.
By default, Cortex XSOAR is installed in the
/rootfolder, but you can change the default folder, if necessary.
/etc/demisto.conf(will not be created if defaults are selected during installation)
If you want to create different mounts for the
/tmppartitions, it is recommended to allocate the following space to each partition (dependent on the expected amount of data, and the size of your incidents and indicators).
- /var/lib/demisto: 200 GB (development) 1000 GB (production)If using Elasticsearch, see Elasticsearch System Requirements.
- /var/lib/docker: 70 GB (development) 150 GB (production)
- /tmp: 10 GB (development and production)
Verify the following information and requirements before you install Cortex XSOAR.
- You have root access.
- Download Cortex XSOAR from the link that you received from Cortex XSOAR Support by running the following command.wget -O demisto.sh “<downloadLink>”For example,wget -O demisto.sh “https://firstname.lastname@example.org&eula=accept”
- (Optional)If you are deploying Cortex XSOAR using a signed installer (GPG), you need to import the GPG public key that was provided with the signed installer.For example, you can use therpm --import public.keycommand to import the public key into the local GPG keyring. Note that each operating system has specific requirements.
- (Optional)If you are deploying Cortex XSOAR using a signed installer (GPG) you might need to manually install themakeselfpackage by running theyum install makeselfcommand.
- Run thechmod +x demisto.shcommand to convert the.shfile to an executable file.
- Execute the.shfile, by running the following command.sudo ./demisto.sh
- Accept the EULA and add the information when prompted.
- The Server HTTPS port (default is 443)
- If want to use Elasticsearch, enter the Elasticsearch details, such as the URL, timeout, etc.
- Type the name of the Admin user (default is admin).
- Type the password (default is admin).
- (Optional)After the installation has completed, do the following:
- Confirm that the Cortex XSOAR server status is active, by running thesystemctl status demistocommand.If the server is not active, run thesystemctl start demistocommand to start the server.
- Confirm that the Docker service status is active, by running thesystemctl status dockercommand.
- In a web browser, go to thehttps://to verify that Cortex XSOAR was successfully installed.serverURL:portWhen you open Cortex XSOAR for the first time you need to add the license.
In some cases, due to moving previous installation files, the installation can fail and the following error message is displayed:
mv: cannot stat '/var/lib/dpkg/info/demistoserver.postrm': No such file or directory Failed to execute: 'mv': exit status 1
There are two options to resolve this issue:
- Make a note of the path to thedemistoserver.postrmfile. Rerun the installation using this path for the ---prev-uninstall-scriptflag. Example:-- -prev-uninstall-script="/path/to/demistoserver.postrm"
- Rerun the installation with the flag-- -use-prev-uninstall-script=true. Note that if you use this flag and have previously created a special ID & group for demisto users, the demisto user and group are deleted and recreated during installation.
Recommended For You
Recommended videos not found.