End-of-Life (EoL)

Main Account to Tenant Communication Encryption

Configure two-way communication between main account and tenant for Cortex XSOAR Multi-Tenant deployment. Manage encryption and API keys.
In a multi-tenant deployment, communication is predominately from the main account to the host account, and then from the host to the tenants, unless when a host is first registered (communication from the host account to the main account).
Two-way communication should always be available between the main account and tenant account so that replies can be sent from the tenant to the main.

Encryption

By default, requests are encrypted using TLS using a Cortex XSOAR self-signed certificate. You can replace the certificate by creating your own certificate and private key.

Validation and authorization

Cortex XSOAR uses an internal API key so that the tenants or hosts can verify that the request originates from a main account and not from an unauthorized third party. An internal API key, kept on the main account, is used in all communications, and is passed to the tenants or host when they are created. The internal API key is passed to hosts on installer creation, and to tenants when they are created.
For requests that require authorization (such as when a user wants to view incidents from the main account) the user details are passed down in requests, so the tenant can decipher and query them.

Security

API keys are created by Cortex XSOAR. Requests are sent from an external source, which is received by Cortex XSOAR (usually a tenant) and interpreted as a request from an administrator. In multi-tenant environments, you need to consider where to create the API key.
  • If created on a main account, it will propagate to all tenants, so anyone with that key can send requests to any tenant in the environment.
  • If created on a tenant, you can only send requests to that tenant.

Recommended For You