Prerequisites
The following sections describe the system and network requirements. Specific apps may have additional requirements, as described in the app’s documentation.
Minimum system requirements for installing the Integration server
Depending on which apps are installed, the integration server might require more resources. For example, some apps that operate on files in memory might require extra memory. Apps that run decryption tasks might need more CPU. Therefore, you might need to increase those resources.
| Requirement | Details |
|---|---|
| Operating system |
You must have one of the following operating systems.
|
| Python (Required for Python-based apps) |
The following Python versions are supported:
Note: Python 3.12 is not supported.
On a Linux system, you can verify the Python version by
using the following command: The Python installation must include the If you are using a key ring backend, the backend might require a later version of Python. |
| Operating system account |
The SOAR Platform requires a dedicated operating system account for running apps. The Resilient Circuits components run as an
unprivileged user, typically named |
| Storage |
5 GB (minimum) |
| Memory (RAM) |
8 GB (minimum) |
| Text editor |
A text editor, such as Nano, is required to edit the configuration file. |
SOAR platform
- Version 31 or later. Some apps may require a later version.
- Dedicated user account to use as the API user specifically for the integration server. The
system administrator provides the account, its credentials and set of permissions. The administrator
provides one of the following accounts.
- User account with user name (in the form of an email address) and password. With most apps, the account must have the permission to view and edit incidents, and view and modify administrator and customization settings. If the SOAR organization has Two Factor Authentication enabled, the account is configured as excluded.
- API key account with ID and secret, only if using V35.2 or later of the SOAR Platform and Resilient Circuits. This is a more secure account. With most apps, the account must have the permission to view and edit incidents, and view and modify administrator and customization settings. If using the SOAR MSSP add-on deployment, the SOAR Platform must be V38 or later.
IMPORTANT: If using multiple instances of the integration server, each server must be assigned its own unique account.
For more information about accounts, refer to the System Administrator Guide.
IBM Security® recommends that you use a SOAR Platform in a test environment to create the function, message destination, rules, workflows and other components needed for your app. This can be a separate SOAR Platform or a SOAR organization within your platform dedicated for testing. Once tested, you can deploy the app into any SOAR Platform that is at the same or later version as your test platform.
Network configuration
- 443. Required for the app to connect to SOAR data using the REST API.
- 65000. Only if supporting Java™-based apps. The integration server communicates with port 65000 of the platform using ActiveMQ OpenWire.
- 65001. Only if supporting Python-based apps. All SOAR functions are Python-based. The integration server communicates with port 65001 of the platform using the STOMP messaging protocol.
- 9000 (default). Only if supporting custom threat feeds, which is not applicable for a SOAR Platform in a cloud configuration. The platform must be in your environment. The SOAR Platform communicates with the integration server over HTTPS on a port that you choose (by default on port 9000).
If the integration server has access to the Internet, make sure the server can access the pypi.org, python.pypi.org and files.pythonhosted.org web sites.