Install Cortex XSOAR for a Single Server Deployment
Installation instructions for standard Cortex XSOAR single server deployments, with the app server and database server on the same machine. Minimum requirements.
In a standard Cortex XSOAR deployment, the app server and database server are installed on the same machine.
If you are deploying a signed installer:
- You need to import the public key to the operating system. The public key is valid for six months.
- If you are using engines or hosts in a multi-tenant environment, you need to installmakeself.
Installation File Structure
This is the file and folder structure in a standard Cortex XSOAR installation.
By default, Cortex XSOAR is installed in the
/rootfolder, but you can change the default folder, if necessary.
/etc/demisto.conf(will not be created if defaults are selected during installation)
If you want to create different mounts for the
/tmppartitions, it is recommended to allocate the following space to each partition (dependent on the expected amount of data, and the size of your incidents and indicators).
- /var/lib/demisto: 200 GB (development) 1000 GB (production)If using Elasticsearch, see Elasticsearch System Requirements.
- /var/lib/docker: 70 GB (development) 150 GB (production)
- /tmp: 10 GB (development and production)
Verify the following information and requirements before you install Cortex XSOAR.
- You have root access.
- Download Cortex XSOAR from the link that you received from Cortex XSOAR Support by running the following command.wget -O demisto.sh “<downloadLink>”For example,wget -O demisto.sh “https://firstname.lastname@example.org&eula=accept”
- (Optional)If you are deploying Cortex XSOAR using a signed installer (GPG), you need to import the GPG public key that was provided with the signed installer.For example, you can use therpm --import public.keycommand to import the public key into the local GPG keyring. Note that each operating system has specific requirements.
- (Optional)If you are deploying Cortex XSOAR using a signed installer (GPG) you might need to manually install themakeselfpackage by running theyum install makeselfcommand.
- Run thechmod +x demisto.shcommand to convert the.shfile to an executable file.
- Execute the.shfile, by running the following command.sudo ./demisto.sh
- Accept the EULA and add the information when prompted.
- The Server HTTPS port (default is 443)
- If want to use Elasticsearch, enter the Elasticsearch details, such as the URL, timeout, etc.
- Type the name of the Admin user (default is admin).
- Type the password (default is admin).
- (Optional)After the installation has completed, do the following:
- Confirm that the Cortex XSOAR server status is active, by running thesystemctl status demistocommand.If the server is not active, run thesystemctl start demistocommand to start the server.
- Confirm that the Docker service status is active, by running thesystemctl status dockercommand.
- In a web browser, go to thehttps://to verify that Cortex XSOAR was successfully installed.serverURL:portWhen you open Cortex XSOAR for the first time you need to add the license.
Recommended For You
Recommended videos not found.