Siemplify uses Environments to manage tenants. Each environment that represents a tenant/customer is created with a set of metadata fields: customer image, customer name, description, contact name, phone and email, and Siemplify Remote Agents configuration. In addition, Siemplify provides the following capabilities for additional value in a multi-tenant deployment:
Environment Operational Settings
The following settings are configured per environment to help with customer-specific use cases in daily operation: SLAs, custom lists, customer domains and networks, email templates, blacklisted items.
Connectors are applications that ingest alerts from different types of sources (SIEM, Database, Email box etc.) into Siemplify. Multiple connectors can run in parallel collecting alerts from local or remote products, and assigning them automatically to the relevant environment.
Connectors can also take into consideration the multi-tenancy defined in the source product (e.g. multi-tenant QRadar SIEM).
Ingested and collected data (Cases, Alerts, Events, Playbook Results etc.) is separated into environments. Each environment contains the data relevant to its customer, with no possibility of data moving to another environment. Data assigned to an environment is visible to permitted users only.
All data is consolidated in a single queue with the same language for the SOC team (analyzed processes) – regardless of the source product.
Easier to onboard new customers (just switching the connector) and new security analysts (they don’t need to be experts in products).
Support more customers with different types of technologies (EK, Splunk, AlienVault etc.)
Security teams can view entities across the entire customer base or within the context of a specific environment (e.g. see if a malicious hash found on “Customer A” also appeared on “Customer B” site.)
Along with module permissions, users can also be assigned to the environments they can view or handle. Customers can also get limited user access to Siemplify to review dashboards, reports, playbooks etc. with their relevant information alone.
Integrations are defined per environment.
Extend the playbooks to customer remote sites, to allow security analysts (who have sufficient privileges) to collect information and run IR processes on the customer's environment. Security teams can create generic playbooks (which can automatically pick the integration credentials relevant to the customer) and customer-specific playbooks as well.
The Siemplify platform can orchestrate and automate workflows on remote/separated networks. This ability allows MSSPs to extend the use cases between their SOC and the customer.
Dashboards can be customer specific or generic.
In any case, it is always possible to filter a dashboard by environment.
Reports can be customer specific or generic. Siemplify provides periodic reports that can be generated automatically for different customers and purposes (e.g. weekly SLA, attack statistics etc.). It is also possible to add customer logos to reports.