Supported Cortex XSOAR Server version: 5.5 and above
Cortex XSOAR supports setting up long running integrations which expose an HTTP endpoint. Such integrations include:
- Palo Alto Networks PAN-OS EDL Service
- Export Indicators Service
- Microsoft Teams
When you initiate these integrations, they listen on an incoming HTTP port. The port is configured via the Listen Port setting of the integration. The HTTP interface can be accessed directly over the port, for example by running curl locally on the Cortex XSOAR Server machine (assuming the configured port is 7000 and HTTP is being used):
Important Note: Each integration instance should be configured with a unique listening port number.
To access the integration over the listening port via the Cortex XSOAR Server's DNS host, you would use (assuming the configured port is 7000 and HTTP is being used) the url:
http://<cortex_xsoar_dns>:7000. This requires opening the port to external access. Usually this involves a firewall or security group modification.
Starting with Cortex XSOAR Server v5.5 there is an option to route the HTTP request via the Cortex XSOAR Server's HTTPS endpoint. This is useful if you would like to avoid opening an additional port (the long running integration's port) on the Cortex XSOAR Server's machine to outside access.
To configure a long running integration to be accessed via Cortex XSOAR Server's https endpoint perform the following:
- Configure the long running integration to listen on a unique port
- Make sure the long running integration is setup to use HTTP (not HTTPS)
- Add the following advanced Server parameter:
- For example for an instance named edl set the following:
Note: The instance name is configured via the
Name parameter of the integration. Sample screenshot:
You will then be able to access the long running integration via the Cortex XSOAR Server's HTTPS endpoint. The route to the integration will be available at:
For example, to test access to an instance named
edl run the following curl command from the Cortex XSOAR Server's machine:
Or from a remote machine:
There is also the option to set a default value that all http long running integrations are exposed via the Cortex XSOAR's Server HTTPS endpoint. Do this by setting the following Server advanced parameter:
You can then also disable specific instances by setting:
The integration instance name used in the URL is case-sensitive.