Install Cortex XSOAR for a Multi-Tenant Deployment with Elasticsearch

Install Cortex XSOAR for a multi-tenant deployment that uses an Elasticsearch database. This page also lists the installer flags for a multi-tenant deployment with Elasticsearch.
Multi-tenant deployments are only intended for MSSPs. If you are not an MSSP and want to deploy a multi-tenant environment, you must first consult with the Cortex XSOAR product management team. If you deploy a multi-tenant environment without approval from the product management team, Cortex XSOAR will not support the deployment.
Run all commands as the root user.
Files and folders
These are the files and folders created during the multi-tenant installation.
File/Folder | Path
Binaries | /usr/local/demisto
Data | /var/lib/demisto
Logs | /var/log/demisto
Configuration | /etc/demisto.conf (this is not created if defaults are selected during installation)
  1. Download the server package you received from Cortex XSOAR support.
  2. Run the following command to make the server package executable:
    chmod +x demistoserver-{version}.sh
  3. To install the app server with Elasticsearch, run one of the following commands:
    • If using username and password authentication:
      sudo ./demistoserver-X.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-username=<the elasticsearch user name> -elasticsearch-password=<the elasticsearch password>
    • If using API key authentication:
      sudo ./demistoserver-X.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-api-key=<the elasticsearch API key>
    Flag | Type | Description
    -multi-tenant | String | Indicates that the installation is for a Multi-tenant deployment.
    -elasticsearch-url | String | Elasticsearch URL addresses (comma-separated). For example, http://test1:9200,http://test2:9200
    -elasticsearch-api-key | String | The Elasticsearch API key, which should be used in licensed versions. Note: If you use this flag, you do not need to use the -elasticsearch-username and -elasticsearch-password flags.
    -elasticsearch-username | String | The Elasticsearch username. This flag is used with the -elasticsearch-password flag. Note: If you use this flag, you do not need to use the -elasticsearch-url flag.
    -elasticsearch-password | String | The Elasticsearch password. This flag is used with the -elasticsearch-username flag. Note: If you use this flag, you do not need to use the -elasticsearch-url flag.
    -elasticsearch-proxy | Boolean | Whether to use a proxy when communicating with Elasticsearch. Can be true or false. Default is false.
    -elasticsearch-insecure | Boolean | Whether to trust any certificate when communicating with Elasticsearch. Can be true or false. Default is true.
    -elasticsearch-timeout | Integer | The amount of time (in seconds) before Elasticsearch times out. Default is 20 seconds.
    To continue with a high availability configuration, you must install an additional app server.
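
A pre-flight check for the flags in step 3, as an added example that is not part of the Cortex XSOAR installer or its documentation: it validates the comma-separated URL list, enforces exactly one authentication mode, and sets -elasticsearch-insecure=false explicitly because the documented default trusts any certificate. The environment variable names, the https-only policy, and the `=false` value form (following the page's `-flag=value` pattern) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Variable names ES_URLS, ES_API_KEY,
# ES_USERNAME and ES_PASSWORD are assumptions of this sketch.

# Succeeds only if every comma-separated entry is an https:// URL
# (requiring https is this example's policy, not an installer rule).
check_es_urls() {
    [ -n "$1" ] || return 1
    old_ifs=$IFS; IFS=,; set -f
    for u in $1; do
        case $u in
            https://?*) ;;
            *) IFS=$old_ifs; set +f; return 1 ;;
        esac
    done
    IFS=$old_ifs; set +f
}

# Prints "api-key" or "password"; fails when both or neither mode is supplied.
auth_mode() {
    if [ -n "$1" ] && [ -z "$2$3" ]; then echo api-key
    elif [ -z "$1" ] && [ -n "$2" ] && [ -n "$3" ]; then echo password
    else return 1
    fi
}

# Prints the installer arguments one per line, or fails with a reason on stderr.
build_install_args() {
    check_es_urls "${ES_URLS:-}" ||
        { echo "ES_URLS must be comma-separated https:// URLs" >&2; return 1; }
    mode=$(auth_mode "${ES_API_KEY:-}" "${ES_USERNAME:-}" "${ES_PASSWORD:-}") ||
        { echo "set ES_API_KEY or ES_USERNAME and ES_PASSWORD, not both" >&2; return 1; }
    printf '%s\n' "-multi-tenant" "-elasticsearch-url=$ES_URLS"
    if [ "$mode" = api-key ]; then
        printf '%s\n' "-elasticsearch-api-key=$ES_API_KEY"
    else
        printf '%s\n' "-elasticsearch-username=$ES_USERNAME" \
                      "-elasticsearch-password=$ES_PASSWORD"
    fi
    # The documented default is true (trust any certificate); set it explicitly.
    printf '%s\n' "-elasticsearch-insecure=false"
}

# Constructed sample values for demonstration only.
ES_URLS="https://es1.example.internal:9200,https://es2.example.internal:9200"
ES_API_KEY="constructed-api-key" ES_USERNAME="" ES_PASSWORD=""
build_install_args
```

The printed arguments go after `--` on the installer command line shown in step 3.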
