Multi Tenancy & Forwarder Labels

Question

Greetings--Piggybacking on this post:https://www.googlecloudcommunity.com/gc/SOAR-Forum/Using-Environments-for-Multi-Tenancy/m-p/687636#M1977Are there any guides or syntax about how to link or associateForwarder Labels and Ingestion Labels and/or NameSpacesto their respective Environments to support a multi-tenancy deployment?e.g. I see in yaml:env: devAny advice is helpful.Thank you!!

dlove40 · Accepted Answer

If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#connector_inputs

cmmartin_google · Answer

I wrote up a series on apply Data RBAC in Chronicle SIEM and Chronicle in these two posts:

https://medium.com/@thatsiemguy/data-rbac-in-chronicle-siem-6cb0ea32294e

https://medium.com/@thatsiemguy/data-rbac-in-soar-8ca3fb0de5de

This provides examples of how to plan for using either Namespaces or Ingestion Labels and aligning the configuration across SIEM and SOAR components.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded