Use the Cortex XSOAR Container Registry - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Access Cortex XSOAR's private container registry for docker images.

By default, Cortex XSOAR uses Docker Hub's public container registry. As an alternative to using Docker Hub, you can use the Cortex XSOAR private container registry (XSOAR Registry), which contains all Docker images that Cortex XSOAR uses in integrations and automations. When you use the XSOAR Container Registry, you can avoid limitations that Docker imposes on Docker Hub, for example rate limits. The registry is available at: xsoar-registry.pan.dev.

The XSOAR Registry requires authentication using the following credentials:

  • Username: Use the license Customer Name, by going to SettingsAboutLicense.

  • Password: Use the License ID. To obtain the License ID, go to the License file and copy the ID from the id property, or run the !GetLicenseID command, included in the Common Scripts content pack.

    The License ID starts and ends with the CUID string.

To pull Docker images from the XSOAR Registry, verify the following base URLs are allowed in your firewall/proxy:

  • https://xsoar-registry.pan.dev

  • https://storage.googleapis.com

When using a custom Docker registry, including the Cortex XSOAR Container Registry, you must include localhost when you create a custom Docker image. Examples:

  • localhost.local/directory/container_name

  • localhost/directory/container_name

  1. Authenticate to the XSOAR Registry.

    • For Docker: sudo -u demisto docker login -u <license customer name> -p <license id> xsoar-registry.pan.dev

    • For Podman (Red Hat 8.x): sudo su -s /bin/bash - demisto -c 'podman login -u "<license customer name>" -p "<license id>" xsoar-registry.pan.dev'

    If you see an error such as Error saving credentials: mkdir /home/demisto: permission denied, the demisto user is either missing the home directory or the permissions on the directory are not valid.

    1. To verify the home directory assigned to the demisto user, run echo ~demisto to display the home directory, such as: /home/demisto.

    2. To ensure the directory exists and has the correct permissions, run the following commands, using the directory from echo ~demisto:

      sudo mkdir -p /home/demisto

      sudo chown -R demisto:demisto /home/demisto

  2. Test that the XSOAR Registry is properly authenticated.

    • For Docker: sudo -u demisto docker pull xsoar-registry.pan.dev/demisto/python3:3.10.4.27798

    • For Podman (Red Hat 8.x): sudo su -s /bin/bash - demisto -c 'podman pull xsoar-registry.pan.dev/demisto/python3:3.10.4.27798'

  3. Add a server configuration.

    1. Select SettingsAboutTroubleshootingAdd Server Configuration.

    2. Add the following key and value:

    Key

    Value

    python.docker.registry

    xsoar-registry.pan.dev

    If you are using an engine, apply the same server configuration to the engine machine by adding

    {
      “python.docker.registry”: “xsoar-registry.pan.dev"
    							}

    to the JSON file.

  4. Reset containers by running the following command in the Cortex XSOAR Server Playground:

    /reset_containers

  5. Test a Docker based automation or integration. For example, from the Cortex XSOAR Server Playground, run the following command:

    !py script="print('test')"

  6. In the Cortex XSOAR Server Playground, verify that Docker images from xsoar-registry.pan.dev have been pulled, by running the following command:

    /docker_images

    The command /docker_images may also display Docker images pulled before enabling the XSOAR Registry or Docker images that were shipped as part of the server installer.

If you need to use external Docker images (images not available in the XSOAR Registry and not part of the demisto org) in custom content, specify the full image name with the registry prefix in the automation or integration configuration. For example:

  • docker.io/frolvlad/alpine-python2:latest

  • registry.access.redhat.com/ubi8/python-38:latest

  • myregistryhost:5000/myorg/myimage:version1.0