Greetings--
Piggybacking on this post:
https://www.googlecloudcommunity.com/gc/SOAR-Forum/Using-Environments-for-Multi-Tenancy/m-p/687636#M1977
Are there any guides or syntax about how to link or associate
Forwarder Labels and Ingestion Labels and/or NameSpaces
to their respective Environments to support a multi-tenancy deployment?
e.g. I see in yaml:
env: dev
Any advice is helpful.
Thank you!!
Solved
Multi Tenancy & Forwarder Labels
- Bronze 1
Best answer by dlove40
If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.
+11I wrote up a series on apply Data RBAC in Chronicle SIEM and Chronicle in these two posts:
- https://medium.com/@thatsiemguy/data-rbac-in-chronicle-siem-6cb0ea32294e
- https://medium.com/@thatsiemguy/data-rbac-in-soar-8ca3fb0de5de
This provides examples of how to plan for using either Namespaces or Ingestion Labels and aligning the configuration across SIEM and SOAR components.
+4- Bronze 2
- Answer
If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.