Hey everyone!
I am working on setting up a multi-tenant dashboard in Google SecOps SIEM and could use some advice from the community.
Right now, we are tracking specific entities: files, domains, and URLs. We want to find a clean way to separate this data so each tenant only sees their own information on the dashboard.
I have two main questions:
1. How are you handling multi-tenancy? What is the best way to structure dashboards in Google SecOps when dealing with multiple tenants for file, domain, and URL data?
2. Is there a common field we can use for filtering? We are looking for a standard field where we can append the tenant's name to easily group and filter these specific entities. What fields do you recommend for this?
Additionally, how should we handle deduplication across tenants? Should we deduplicate within each tenant's data separately, or is there a global deduplication strategy that works better when dealing with shared entities (like domains or URLs that might appear across multiple tenants)?
