Palo Alto Cortex XSOAR Installation tutorial in Multi Tenant Architecture - Community Edition

PurpleXsec

31 Aug 202226:11

Summary

TLDRIn this tutorial, the speaker demonstrates how to install Cortex XSOAR in a multi-tenant architecture using the Bolt database on Ubuntu. They guide viewers through obtaining the installation package, setting up the main server and tenants, and configuring necessary resources. The process includes transferring installation files, executing commands, and ensuring services run properly. After installation, they cover account management and tenant configurations, highlighting the importance of tenant isolation for different customers. The video promises further content on upgrading multi-tenant environments, making it a valuable resource for users looking to optimize their XSOAR setup.

Takeaways

😀 Make sure to use a valid work email to acquire the Cortex XSOAR installation package.
😀 The default database for Cortex XSOAR is the Bolt database, which is crucial for multi-tenant setups.
😀 Create a main server VM with at least 5GB of RAM and 55GB of disk space for safe installation.
😀 Tenants require more disk space than the main server due to the storage of incidents and alerts.
😀 Using a Bridged network adapter is recommended for better accessibility and connectivity.
😀 You can transfer the Cortex XSOAR installer using WGET or WinSCP; the latter is often more convenient.
😀 After installation, ensure that Demisto services are running to access the web interface.
😀 Account management features will only appear after restarting Demisto services post-installation.
😀 Each tenant can be configured with its own roles, integrations, and content as needed for different clients.
😀 Regular monitoring of CPU and memory usage is important as resource demands can increase significantly with usage.

Q & A

What is Cortex XSOAR and what architecture is being used for its installation?
-Cortex XSOAR is a security orchestration and automation platform, and the installation discussed in the script uses a multi-tenant architecture with the Bolt database.
What are the requirements for acquiring the installation package?
-To acquire the installation package, you need a work email that is not from Gmail or Yahoo, and you must complete a registration form to receive an email from Palo Alto with the image link and license.
What operating systems can be used for the installation?
-The installation can be performed using Ubuntu or CentOS, with Ubuntu being preferred for convenience in the discussed setup.
How much RAM and storage are recommended for the main server?
-It is recommended to allocate at least 5GB of RAM and 55GB of storage for the main server to accommodate future data generation and operations.
What networking configuration is suggested during the installation?
-A bridged adapter is recommended for networking to provide a dedicated IP address for easier access and connection between the main host and tenants.
How can the installation image be transferred to the Ubuntu server?
-The installation image can be transferred using either WGET with the provided URL or WinSCP for a graphical interface file transfer.
What command is used to make the installation file executable?
-The command `chmod +x filename` is used to make the installation file executable before running it.
What is the default HTTPS port set during the installation?
-The default HTTPS port set during the installation is port 443.
What should be done if the account management tab is missing after installation?
-If the account management tab is missing, you need to restart the Demisto services to make it appear.
How are tenants typically managed in a multi-tenant environment?
-In a multi-tenant environment, each tenant can be configured with different integrations and roles, allowing for individualized management based on customer requirements.