Greetings--
Piggybacking on this post:
https://www.googlecloudcommunity.com/gc/SOAR-Forum/Using-Environments-for-Multi-Tenancy/m-p/687636#M1977
Are there any guides or syntax about how to link or associate
Forwarder Labels and Ingestion Labels and/or NameSpaces
to their respective Environments to support a multi-tenancy deployment?
e.g. I see in yaml:
env: dev
Any advice is helpful.
Thank you!!
Solved
Multi Tenancy & Forwarder Labels
- Bronze 1
Best answer by dlove40
If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.
I wrote up a series on apply Data RBAC in Chronicle SIEM and Chronicle in these two posts:
- https://medium.com/@thatsiemguy/data-rbac-in-chronicle-siem-6cb0ea32294e
- https://medium.com/@thatsiemguy/data-rbac-in-soar-8ca3fb0de5de
This provides examples of how to plan for using either Namespaces or Ingestion Labels and aligning the configuration across SIEM and SOAR components.
+4- Bronze 2
- Answer
If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.