Configure the Multi-Tenant Deployment - Multi-Tenant Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Multi-Tenant Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2023-06-08
End_of_Life
EoL
Category
Multi-Tenant Guide

After you have installed Cortex XSOAR Multi-Tenant, you can configure the tenant. host, and the main host in the ACCOUNT MANAGEMENT page (SettingsACCOUNT MANAGEMENT).

In the Accounts tab, you can do the following:

Action

Description

Add Account

Add a tenant to a host.

Roles and Propagation

You can roles who can access the tenant account and Add Propagation Labels to an Existing Tenant Account to determine which content items are eligible for syncing.

Sync

Sync content to Tenant Accounts.

Start/Stop

The tenant is not deleted from the database, but you cannot access the account from the port.

Change host

If you add a host to the Main Account you can change the host. Useful when capacity has been reached on an existing server.

Move to HA Group

Relevant for High Availability. You need to create a HA Group before you can move the host to an HA group

Block/Unblock

Blocks/unblocks the account at proxy level (you can still access the tenant via the port).

Delete account

Removes the tenant from the database.

Download logs

Download a log bundle for troubleshooting.

Export to CSV

Enables to export the table to a CSV file

In the Hosts tab, you can add, delete, or rename a host or host group. When using Elasticsearch, you can make a host highly available or add a new host to a selected high availability group. When adding a host/host group, you need to download and install the installation package from the Main Account.

In the Hosts tab, you can do the following:

Action

Description

Make Host Highly Available

(Elasticsearch) - This option is available when you already have a host. When you choose Make Host Highly Available, a host installer file is provided for download. Use this dedicated installer to install additional hosts. The new hosts are automatically configured to connect to the relevant Elasticsearch index. When multiple hosts are configured for the same Elasticsearch index, they are in the same high availability group.

When you run this installer file, the elasticsearch-insecure flag must be set to true and the elasticsearch-api-key (encoded value) or the elasticsearch-username and elasticsearch-password must be provided.

Add a New Host to Selected HA Group

(Elasticsearch) - Use this option if you already have a high availability group and want to add an additional host with the same data for an additional level of redundancy. When you choose Add a New Host to Selected HA Group a host installer file is provided for download. The installer file includes the configuration for the existing Elasticsearch index.

When you run this installer file, the elasticsearch-insecure flag must be set to true and the elasticsearch-api-key (encoded value) or the elasticsearch-username and elasticsearch-password must be provided.

Rename

Rename an existing host or high availability group.

Delete

Delete an existing host or high availability group.

New Host/HA group

New Host provides an empty host installer file. The option to download a new host installer file is available for both Elasticsearch and BoltDB deployments. For Elasticsearch deployments, you can use the empty host installer file with a customized script to add hosts to a high availability group, passing the Elasticsearch index and cluster URL as arguments in the script.

HA group (Elasticsearch) - When creating a new high availability group, you must provide the HA Group name, the Elasticsearch cluster URL and the Elasticsearch index prefix.

When you run this installer file, the elasticsearch-insecure flag must be set to true and the elasticsearch-api-key (encoded value) or the elasticsearch-username and elasticsearch-password must be provided.

Once the main host servers are highly available, you can no longer host new accounts on those servers. Existing accounts on the Main host will still exist, but are not highly available. In this situation, Cortex XSOAR recommends that you move the accounts from the Main host to an HA group. For more information, see High Availability Overview.High Availability Overview

In the Main Hosts tab, you can view details about the main host, and Configure Live Backup.