Just following up on the previous suggestion. The containers.high.water.mark configuration adds an upper limit to the number of containers per image that will remain active and containers.low.water.mark is the corresponding lower limit. This means that at any point, there will be a number of active containers that correspond to the low water mark, in order to avoid the overhead of cold starting the container. Depending on your use cases, the containers required to process them may also vary with respect to dependencies. So, a single image solution is not the most effective one. As per the previous recommendation, I would start by hardening docker (https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Docker-Hardening-Guide) to keep docker in check.
... View more