Skip to main content

Legacy Cloud SOAR Architecture


This article only applies to organizations having a legacy Cloud SOAR instance URL matching the pattern * If it doesn't, refer to Cloud SOAR Architecture for documentation of our latest Cloud SOAR SaaS version.


Cloud SOAR Security Operations (Cloud SOAR SO) supports a multi-tenant architecture, typically for a Managed Security Service Provider (MSSP) to support management of multiple customers in isolated environments.

Tenants are separately managed in a segregated Cloud SOAR instance with complete isolation of all the platform's functions. Additionally, a Master Console is available to manage all the instances (create, destroy, monitor) and to provide aggregated reporting.

All multi-tenant installations offer:

  • Separate schema or databases for each individual tenant
  • Logical or physical segregation of tenants
  • A Superuser role that provides visibility on all tenants and provides for execution of administrative duties, analytics, dashboards, and reporting
  • Individual administrators otherwise segregated to each tenant
  • Isolation of external actions (e.g., enrichment of indicators of compromise, containment actions prescribed to a host)
Multiple database symbols

Automated Responder Knowledge (DF-ARK)

Cloud SOAR's Automated Responder Knowledge (DF-ARK) module utilizes machine learning through historical responses to past incidents and threat intelligence feeds to enrich new incidents. This enrichment allows Cloud SOAR to recommend relevant Playbooks and plans of action to expedite detection and response times.

Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.