Install a Cortex XSOAR Engine

Install, deploy and configure Cortex XSOAR engines.
You can install Cortex XSOAR engines on all Linux and Windows machines. Although Cortex XSOAR engines are intended for Linux operating systems, they can be used on Windows, but Windows machines do not support Python integrations
After creating an engine in the
Settings
page, you download one of the following file types for installation on the engine machine:
  • Shell
    : For all Linux deployments, including Ubuntu, CentOS and RHEL, etc. Automatically installs Docker, downloads Docker images, enables remote engine upgrade, and allows installation of multiple engines on the same machine.
    The installation file is selected for you. Shell installation supports the purge flag, which by default is false.
  • DEB
    : For Ubuntu operating systems.
  • RPM
    : CentOS and RHEL operating systems. If you require a signed RPM file for installation, Install a Signed Engine.
    Use DEB and RPM installation when shell installation is not available. You need to install Docker and any dependencies.
  • Zip
    : Used for Windows machines.
  • Configuration
    : Configuration file for download. When you install one of the other options, this config file (d1.conf) is installed on the engine machine.
When you create the engine, the
python.engine.docker
key is set to
true
. If Docker is not available when the engine is created, the key is set to
false
. If this happens, in the
d1.conf
file, you need to set the key to
true
After you install and deploy an engine, there are several ways that you can Manage Engines. For Linux systems, you can run Python integrations on an engine. Ensure you have Python 2.7 or later installed on the engine machine. Running Python integrations needs to be through Docker.
Cortex XSOAR Engine Requirements
Cortex XSOAR engines are compatible with the following operating systems and must meet the minimum hardware requirements.
  • Windows
  • MacOS
  • Linux
For Docker or Podman to work correctly on an engine, IPv4 forwarding must be enabled. In addition, if installing on RHEL v8 or CentOS v8 ensure that you run the commands listed above (Docker/Podman Requirements).
Hardware Requirements
Component
Dev Environment Minimum
Production Minimum
CPU
8 CPU cores
16 CPU cores
Memory
16GB RAM
32GB RAM
Storage
50GB
50GB
If your hard drive is partitioned, we recommend a minimum of 35GB for the /var partition for your development environment, and 35GB for the /var partition for your production environment.
  1. Define the base URL.
    The base URL is the external IP address of your Cortex XSOAR server. If you do not define the base URL, you need to add it to the
    d1.conf
    file after you create the engine.
    1. Go to
      Settings
      About
      Troubleshooting
      .
    2. From the
      Server Configuration
      section, in the
      Base URL (for D2 Agents and Engines)
      type the Base URL.
      For example, for https://ec2-54-228-48-128.eu-west-1.compute.amazonaws.com/, type
      eu-west-1.compute.amazonaws.com
      We recommend using the FQDN (fully qualified domain name). If the engine does not have an external address, the IP address can be used instead of the FQDN. For high availability environments or multi-tenant deployments, the FQDN should always be used.
  2. Create an engine.
    1. Select
      Settings
      Integrations
      Engines
      Create New Engine
      .
    2. In the
      Engine Name
      field, add a meaningful name for the engine.
    3. Select one of the installer types from the drop down list.
      For Linux systems it is recommended to use the Shell installer.
    4. (
      Optional
      ) If you want to add the engine to a load balancing group, from the drop down list, select the group you want to add.
      The dropdown list only appears after you have created and connected an engine and created a load balancing group. To add the engine to a new group, select
      Add new group
      from the drop down list.
      The engine cannot be used as an individual engine and does not appear when configuring an engine from the drop down list.
    5. (
      Optional
      ) (
      Shell only
      ) Select the checkbox to enable multiple engines to run on the same machine.
      If you have an existing engine, you did not select the checkbox, and you want to install another engine on the same machine, you need to delete the existing engine.
    6. (
      Optional
      ) Add any required configuration in JSON format.
    7. Click
      Create New Engine
      .
  3. For Shell installation, do the following:
    1. Move the
      .sh
      file to the engine machine using a tool like SSH or PuTTY.
    2. On the engine machine, grant execution permission by running the following command:
      chmod +x /<engine-file-path>
    3. Run as a root user
    4. Install the engine by typing one of the following commands:
      With tools:
      sudo
      <engine-file-path>
      Without tools:
      sudo
      <engine-file-path> -- -tools=false
      If you receive a
      permissions denied
      error, it is likely that you do not have permission to access the
      /tmp
      directory. Run the
      ./demisto.sh --target {/targetFolder}
      command. The {targetFolder} can be any folder to which you have write access.
  4. For RPM/DEB installation do the following:
    1. Move the file to the required machine using a tool like SSH or PuTTY.
    2. Type one of the following installation commands:
      Machine Type
      Install Command
      CentOS/RHEL (RPM)
      sudo rpm -Uvh d1-2.5_15418-1.x86_64.rpm
      Ubuntu (DEB)
      sudo dpkg --install d1_xxx_amd64.deb
    3. Start the engine by running one of the following commands:
      Machine Type
      Start Command
      CentOS/RHEL (RPM)
      sudo systemctl start d1
      Ubuntu (DEB)
      sudo service d1 restart
  5. For zip file installation, do the following.
    1. Move the d1
      zip
      file to the engine machine using a tool like WinSCP.
    2. Unzip the file and move it to any location you require.
    3. Open the file and run the d1_windows_amd64.exe file.
      Every time you want to connect to Cortex XSOAR you need to run the D1 Application file. Alternatively, you can run the engine as a service.
  6. (
    Optional
    ) If you experience performance issues you may need to Configure the Number of Workers for the Server and Engine.

Recommended For You