1. Home
    2. Security Operations
    3. Cortex XSOAR
    4. Cortex XSOAR Multi-Tenant Guide
    5. Install Cortex XSOAR for a Multi-Tenant Deployment
    6. Install Cortex XSOAR for a Multi-Tenant Deployment with Elasticsearch

    Install Cortex XSOAR for a Multi-Tenant Deployment with Elasticsearch

    Install Cortex XSOAR for a multi-tenant deployment using an Elasticsearch database. Installer flags for multi-tenant deployment with Elasticsearch.
    Multi-tenant deployments are only intended for MSSPs and certain enterprise use cases. If you are not an MSSP and want to deploy a multi-tenant environment, you must first consult with the Cortex XSOAR product management team. If you deploy a multi-tenant environment without approval from the product management team, Cortex XSOAR will not support the deployment.
    Ensure you run all commands as root user.
    Files and folders
    These are the files and folders created during the multi-tenant installation.
    File/Folder
    Path
    Binaries
    /usr/local/demisto
    Data
    /var/lib/demisto
    Logs
    /var/log/demisto
    Configuration
    /etc/demisto.conf (this is not created if defaults are selected during installation).
    1. Download the server package you received from Cortex XSOAR support.
    2. Run the
      chmod +x demistoserver-{version}.sh
       to make the server package executable.
    3. To install the app server with Elasticsearch, run one of the following commands:
      • If using username and password authentication:
        sudo ./demistoserver-X.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-username=<the elasticsearch user name> -elasticsearch-password=<the elasticsearch password>
      • If using API key authentication:
        sudo ./demistoserver-X.sh -- -multi-tenant -elasticsearch-url=<elastic search url address> -elasticsearch-api-key=<the elasticsearch API key>
      Flag
      Type
      Description
      -multi-tenant
      String
      Indicates that the installation is for a Multi-tenant deployment.
      -elasticsearch-url
      String
      Elasticsearch URL addresses (comma-separated). For example,
      http://test1:9200,http://test2:9200
      -elasticsearch-api-key
      String
      The Elasticsearch API key, which should be used in licensed versions.
      Note:
      If you use this flag, you do not need to use the
      -elasticsearch-username
       and
      -elasticsearch-password
       flags.
      -elasticsearch-username
      String
      The Elasticsearch username. This flag is used with the
      -elasticsearch-password
       flag.
      Note:
      If you use this flag, you do not need to use the
      -elasticsearch-url
       flag.
      -elasticsearch-password
      String
      The Elasticsearch password. This flag is used with the
      -elasticsearch-username
       flag.
      Note:
      If you use this flag, you do not need to use the
      -elasticsearch-url
       flag.
      -elasticsearch-proxy
      Boolean
      Whether to use a proxy when communicating with Elasticsearch. Can be
      true
       or
      false
      . Default is
      false
      .
      -elasticsearch-insecure
      Boolean
      Whether to trust any certificate when communicating with Elasticsearch. Can be
      true
       or
      false
      . Default is
      true
      .
      -elasticsearch-timeout
      Integer
      The amount of time (in seconds) before Elasticsearch times out. Default is 20 seconds.
      To continue with a high availability configuration, you must install an additional app server.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo