System Requirements

Verify that your Cortex XSOAR deployment meets the minimum system requirements.
Cortex XSOAR requires the following software and hardware. Ensure you meet all minimum system requirements.
Cortex XSOAR uses the WebSocket communications protocol for bi-directional data transfer between the client browser and the server. Verify that the WebSocket protocol is allowed on your network, including through proxies.
Linux kernel 5.2 and specific later versions include a bug that may cause XSOAR to panic on x64 platforms due to corrupted memory. Therefore, if XSOAR is running on kernel version 5.3 and later, make sure that one of the following fixed kernel versions is used:
  • 5.3.15 and later
  • 5.4.2 and later
  • 5.5 and later
You can identify your kernel version by running the uname -a or uname -r command.
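As an added example (not part of the vendor documentation), the following shell function classifies a uname -r release string against the fixed versions listed above. The name kernel_status is hypothetical; 5.2.x is reported as affected because this page lists no fixed 5.2 release, and kernels older than 5.2 are assumed not to be affected.

```shell
#!/bin/sh
# Added example, not vendor code. kernel_status is a hypothetical helper that
# classifies a kernel release string against the fixed versions on this page
# (5.3.15+, 5.4.2+, 5.5+). Prints: ok | affected | unknown.
kernel_status() {
    ver=${1%%[!0-9.]*}            # "5.4.0-42-generic" -> "5.4.0"
    old_ifs=$IFS; IFS=.
    set -- $ver                   # split on dots: major minor patch
    IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown              # not a parseable x.y[.z] release
    elif [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 2 ]; }; then
        echo ok                   # older than 5.2: assumed not affected
    elif [ "$major" -gt 5 ] || [ "$minor" -ge 5 ]; then
        echo ok                   # 5.5 and later
    elif [ "$minor" -eq 2 ]; then
        echo affected             # 5.2.x: the page lists no fixed release
    elif [ "$minor" -eq 3 ] && [ "$patch" -ge 15 ]; then
        echo ok                   # 5.3.15 and later
    elif [ "$minor" -eq 4 ] && [ "$patch" -ge 2 ]; then
        echo ok                   # 5.4.2 and later
    else
        echo affected             # 5.3.0-5.3.14 or 5.4.0-5.4.1
    fi
}

# Constructed sample release strings, then the kernel this host is running.
for rel in 3.10.0-1160.el7.x86_64 5.2.21 5.3.0-40-generic 5.3.15 \
           5.4.0-42-generic 5.4.2 5.10.0-8-amd64 "$(uname -r)"; do
    printf '%-26s %s\n' "$rel" "$(kernel_status "$rel")"
done
```

Distribution kernels sometimes carry backported fixes under an older version string, so an "affected" result is a prompt to check the vendor changelog rather than proof that the bug is present.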

Cortex XSOAR Server

Cortex XSOAR server has specific operating system and hardware requirements.
It is recommended that you use a dedicated server to run Cortex XSOAR and not run additional programs or software on the machine. If you run additional programs on the machine, performance will be affected.

Operating Systems
You can deploy Cortex XSOAR on the following operating systems, provided that the machine meets the minimum hardware requirements:

| Operating System | Supported Versions | Notes |
| --- | --- | --- |
| CentOS | 7.x, 8.x | CentOS 8 End-of-Life - Dec 31, 2021 |
| Ubuntu | 16.04, 18.04, 20.04 | Ubuntu 16.04 End-of-Life - April 30, 2021 |
| RHEL | 7.x | |
| Oracle Linux | 7.x | |
| Amazon Linux | 2 | |

Hardware Requirements

| Component | Dev Environment Minimum | Production Minimum |
| --- | --- | --- |
| CPU | 8 CPU cores | 16 CPU cores |
| Memory | 16GB RAM | 32GB RAM |
| Storage | 500GB SSD | 1TB SSD with minimum 3k dedicated IOPS |

If your hard drive is partitioned, we recommend a minimum of 450GB for the /var partition for the development environment, and 900GB for the /var partition for the production environment.
When deploying Cortex XSOAR with BoltDB, we recommend a limit of 1 million indicators for the development environment and 5-7 million indicators for the production environment. If you will have more indicators, we recommend using Elasticsearch.

Docker/Podman Requirements
Cortex XSOAR requires Docker or Podman for container management. Cortex XSOAR installs either Docker or Podman automatically based on your operating system. IPv4 forwarding is required.
You may need to take additional steps depending on your operating system.
Podman, by default, uses the $HOME/.local/share/containers/storage directory, and we recommend reserving 100GB for the /home partition.

Action required per operating system:
  • Oracle Linux: Manually Install Docker.
  • RHEL v7 or CentOS v7 and below: You need Mirantis Container Runtime (formerly Docker Engine - Enterprise) or Red Hat's Docker distribution to run specific Docker-dependent integrations and automations. For more information see Install Docker Distribution for Red Hat on Cortex XSOAR.
  • RHEL v8 or CentOS v8: Run the following commands before Cortex XSOAR or engine installation:
      1. sudo touch /etc/subuid /etc/subgid
      2. sudo yum -y module install container-tools
      3. (CentOS 8.x only) Install the tar package using the following command:
         sudo yum install -y tar

Web Browsers

Cortex XSOAR supports the following web browsers:

| Web Browser | Version |
| --- | --- |
| Chrome | 46.x and later |
| Safari | 6.x and later |
| Firefox | 43.x and later |
| Microsoft Edge | Latest version |

Required URLs

You need to allow the following URLs for Cortex XSOAR to operate properly.

| Function | Service | Port | Direction |
| --- | --- | --- | --- |
| Web interface | HTTPS | 443 (configurable) | Inbound |
| Engine connectivity | HTTPS | 443 (configurable) | Inbound |
| Integrations | | Integration-specific ports | Inbound |
| REST API | HTTPS, https://api.demisto.com | 443 (configurable) | Inbound |
| Docker | Docker URLs (listed below) | 443 | Inbound on Docker URLs |
| Marketplace | Marketplace URLs (listed below) | 443 | Inbound on Marketplace server or GCP buckets |

Docker URLs:
  • https://registry-1.docker.io
  • https://auth.docker.io
    (This URL may change according to Docker’s discretion.)
  • https://production.cloudflare.docker.com
    (This URL may change according to Docker’s discretion.)

Marketplace URLs:
  • storage.googleapis.com
    (Download Content Packs and view the Marketplace. This domain stores Content Pack artifacts. To view Content Pack images, the domain should also be reachable from the browser.) It is possible to further limit the URL prefix to: https://storage.googleapis.com/marketplace-dist/
  • api.demisto.com
    (Download Content Packs and view the Marketplace. This file maps the Marketplace URL to the Cortex XSOAR version.)
    Note: You must add storage.googleapis.com and api.demisto.com, otherwise you cannot access the Marketplace.
  • xsoar-authentication-proxy.paloaltonetworks.com
    (Login and register users.)
  • xsoar-marketplace-review.paloaltonetworks.com
    (Review Content Packs.)
  • xsoar-marketplace-subscriptions.paloaltonetworks.com
    (Subscribe to Content Packs.)
  • xsoar-premium-content-gateway.paloaltonetworks.com
    (Download premium Content Packs, including free premium Content Packs.)
  • xsoar-contrib.pan.dev
    (Contribute Content Packs.)
