07-19-2022 06:58 AM
Dears,
Kindly need your support for the following:
• we need to install the below as security controls on our XSOAR server (RHEL8):
o McAfee Endpoint security (latest version) for Linux.
o Cyber Reason EDR.
• kindly provide what is the Antivirus exclusion list of Palo alto XSOAR.
• Kindly clarify if there will be any damage, conflict, or issues to our XSOAR server from installing the previous AV solutions.
• If there are any issues with installing the previously mentioned AV, kindly give us a recommendation for how to protect the server (RHEL8) without harming the XSOAR functionalities.
07-19-2022 06:28 PM
Hi @abdulazizh, the only one I can think of is an exclusion of the /var/lib/demisto folder. Since artifacts and attachments are stored there.
Performance wise, there should be no impact but it depends on the endpoint solution.
We do not document or recommend any hardening performed on the OS. You can do so at your own risk. You can also opt for an Air Gapped installation, refer - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/installation/install-de...
You can follow our docker hardening guid here - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/docker/docker-hardening....
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
