Upgrade the Cortex XSOAR Server
Upgrading the Cortex XSOAR server including preparation, upgrade and post upgrade steps.
The installer automatically detects the existing configurations and applies them to the upgraded server.
High Availability) - When upgrading a high availability environment, you must stop the demisto service on all application servers prior to performing the upgrade. Rolling upgrades are not supported.
To purchase content packs or write reviews for content packs in the Marketplace, you need to obtain a new license. For more information, contact Customer Support.
- Prepare the Cortex XSOAR server for upgrade.
- Take a snapshot of the server.
- Back up your content by selecting.Settings > About > Troubleshooting > Export
- Disable any external systems that push incidents to Cortex XSOAR, such as Splunk and Elasticsearch.
- Obtain a list of integrations that are in a failed state by running the!FailedInstancescommand in the CLI. This is useful to compare after upgrade.
- Download the new installer and copy it to all the servers that will be upgraded.wget -O demisto.sh "<downloadLink>"You can use the original URL that was sent to you when installing Cortex XSOAR by adding&downloadName=<version>_latestto the URL. For example, for v6.1, type the following:https://firstname.lastname@example.org&downloadName=6_1_latest&eula=acceptIf you do not have the original URL, open a Customer Support ticket and select theDownload Linkoption. The link is then sent automatically.Cortex XSOAR uses the/tmpfolder for installation. If the folder is blocked by policy, you need to specify a new directory or use/var/tmpdirectory by adding the-targetargument to installation before any other flag. For example,sudo ./demisto.sh -target /var/tmp --multi-tenant
- Run the following command to allow the.shfile to run as an executable file.chmod +x demisto.sh
- (Disaster Recovery and High Availability only) Stop the Cortex XSOAR server.sudo service demisto stopIf you are using backup servers for Disaster Recovery, first stop the primary server and then any backup servers.For High Availability, stop all app servers.
- Run the installer file.sudo ./demisto.shFor Disaster Recovery, run the installer on the secondary (backup) server. Once it is up and running, run the installer on the primary server.For High Availability, run the installer file on one app server to trigger the database upgrade. When available, log in to the app server. You can then upgrade any additional app servers.
- After the upgrade completes, do the following.
- Confirm the Cortex XSOAR server status is active by running thesystemctl status demistocommand.If the server is not active, run thesystemctl start demistocommand to start the server.
- Confirm the Docker service status is active by running thesystemctl status dockercommand.
- Check that all custom content prior to upgrade appears.
- Check that all incidents prior to upgrade appear.
- Run the!FailedInstancescommand to compare the results in step 1.3 and fix any failed instances.
- Ensure all integrations that were enabled prior to upgrade are available in the CLI/Playbooks.
- Upgrade any existing engines.
- Reattach out of the box Incident types (from Content Packs) to receive content updates.After upgrading from v6.0 and below, all installed incident types are in a Detached state, which means that updates from Content Packs do not affect the incident type configuration. If you want to receive content updates for detached incident types, reattach the incident type.
- Enable the external systems you disabled in step 1.2.
Recommended For You
Recommended videos not found.