Use the Cortex XSOAR Container Registry

Access Cortex XSOAR's private container registry for docker images.
By default, Cortex XSOAR uses Docker Hub's public container registry. As an alternative to using Docker Hub, you can use the Cortex XSOAR private container registry (XSOAR Registry), which contains all Docker images that Cortex XSOAR uses in integrations and automations. When you use the XSOAR Container Registry, you can avoid limitations that Docker imposes on Docker Hub, for example rate limits. The registry is available at:
xsoar-registry.pan.dev
.
The XSOAR Registry requires authentication using the following credentials:
  • Username: Use the license Customer Name, by going to
    Settings
    About
    License
    .
  • Password: Use the License ID. To obtain the License ID, go to the License file and copy the ID from the
    id
    property, or install the Get License ID Content Pack from the Marketplace, and run the
    !GetLicenseID
    command.
    The License ID starts and ends with the CUID string.
To pull Docker images from the XSOAR Registry, verify the following base URLs are allowed in your firewall/proxy:
  • https://xsoar-registry.pan.dev
  • https://storage.googleapis.com
When using a custom Docker registry, including the Cortex XSOAR Container Registry, you must include
localhost
when you create a custom Docker image. Examples:
  • localhost.local/directory/container_name
  • localhost/directory/container_name
  1. Authenticate to the XSOAR Registry:
    sudo -u demisto docker login -u
    <license customer name>
    -p
    <license id>
    xsoar-registry.pan.dev
    If you see an error such as
    Error saving credentials: mkdir /home/demisto: permission denied
    , the demisto user is either missing the home directory or the permissions on the directory are not valid.
    1. To verify the home directory assigned to the demisto user, run
      echo ~demisto
      to display the home directory, such as:
      /home/demisto
      .
    2. To ensure the directory exists and has the correct permissions, run the following commands, using the directory from
      echo ~demisto
      :
      sudo mkdir -p
      /home/demisto
      sudo chown -R demisto:demisto
      /home/demisto
  2. Add a server configuration.
    1. Select
      Settings
      About
      Troubleshooting
      Add Server Configuration
      .
    2. Add the following key and value:
    Key
    Value
    python.docker.registry
    xsoar-registry.pan.dev
    If you are using an engine, apply the same server configuration to the engine machine by adding
    { “python.docker.registry”: “xsoar-registry.pan.dev" }
    to the JSON file.
  3. Reset containers by running the following command in the Cortex XSOAR Server Playground:
    /reset_containers
  4. Test a Docker based automation or integration. For example, from the Cortex XSOAR Server Playground, run the following command:
    !py script="print('test')"
  5. In the Cortex XSOAR Server Playground, verify that Docker images from xsoar-registry.pan.dev have been pulled, by running the following command:
    /docker_images
    The command
    /docker_images
    may also display Docker images pulled before enabling the XSOAR Registry or Docker images that were shipped as part of the server installer.
If you need to use external Docker images (images not available in the XSOAR Registry and not part of the demisto org) in custom content, specify the full image name with the registry prefix in the automation or integration configuration. For example:
  • docker.io/frolvlad/alpine-python2:latest
  • registry.access.redhat.com/ubi8/python-38:latest
  • myregistryhost:5000/myorg/myimage:version1.0

Recommended For You