During the upgrade process, Security Analytics downloads the .tar image file to a local directory on the sensor before it extracts the ISO image file in preparation for the actual upgrade. There are several checks and balances that happen to ensure the image is valid and has not been tampered with.

1. Preparation: The server downloads a .tar file containing the encrypted software ISO and symmetric key.
2. Authentication: The system verifies and recovers the password using openssl.
3. Decryption: The .iso.aes-256 file is decrypted using the recovered password.
4. Verification: The resulting ISO is verified against the signed digest file (.iso.sha512).
5. Execution: The upgrade only proceeds if all integrity checks pass.