
Cloud SOAR for MSSPs (Legacy Only)

This article applies only to organizations that have a legacy Cloud SOAR instance URL matching the pattern *.soar.sumologic.com. If your instance URL doesn't match that pattern, refer to Cloud SOAR for documentation of our latest Cloud SOAR SaaS version.

This topic describes Cloud SOAR for MSSPs, a full-featured instance of legacy Cloud SOAR designed for internal MSSP use. Using Cloud SOAR for MSSPs is virtually the same as using a standard Cloud SOAR instance. There are a few differences, which this page highlights.

Diagram showing an MSSP containing multiple tenants

Users in an MSSP access Cloud SOAR for MSSPs using the MSSP Console, a UI that centralizes management, aggregated reporting, and comprehensive tenant visibility.

You can use the MSSP Console to quickly propagate content like new and updated playbooks, custom fields, and so on. Communications between the MSSP Console and tenants use a secure HTTP protocol.

The MSSP Console is similar to the standard Cloud SOAR UI. One difference you’ll notice is the icon in the upper right corner of the UI.

MSSP icon

When you click that icon, a dropdown menu displays the following options:

  • MSSP Dashboard. A customizable view that provides visibility into tenant incidents and tasks.
  • Nodes Management. Enables monitoring and management of tenants.
  • Custom Fields. For editing existing Cloud SOAR fields, creating Custom Fields, and pushing fields to tenants.
  • Playbooks. For managing automated and semi-automated workflows and pushing them to tenants.

The sections below introduce each of these components.

MSSP Dashboard

The MSSP Dashboard is highly customizable. You can use out-of-the-box widgets or create new ones containing specific information for each tenant. Dashboards can be exported in Excel or PDF format.

The screenshot below is the page you’ll see when you customize the MSSP Dashboard.

Dashboard customize screen

This screenshot shows a list of widgets that can be added to the MSSP Dashboard.

Widget dropdown menu on the Dashboard customize screen

The Edit widget popup allows you to configure options for the widget. In the Details tab, you can set the widget title, the time range for the data to be presented, when to start the time range with respect to the incident lifecycle, and the refresh period.

Edit widget screen

The Tenants tab allows you to select the tenants for which the widget will report.

Tenants tab on the Edit widget screen

For more information about Cloud SOAR dashboards, see Dashboards.

Nodes Management

The Nodes Management page shows the status of all paired child tenants and provides the following actions you can perform:

  • Ping. Active status check (PING).
  • Connect. Connect to tenant.
  • Edit. Edit the configuration of a tenant.
  • Unpair. Unpair a tenant.

Nodes Management screen

Playbook

You can use the Playbook page to create and edit Playbooks, and to push Playbooks to tenants.

The screen below displays the list of playbooks that have been created. In this case, there is one Playbook.

Playbook screen

When you click a Playbook in the list, the Playbook is displayed. You can click Push to All Tenants to propagate the Playbook.

Example playbook

You’ll be offered the option to push the Playbook to selected tenants, as desired.

Push to tenants option

Custom Fields

The Custom Fields page allows you to create and manage Custom Fields, and to push fields to tenants.

The Synchronize icon indicates the status of the Custom Field in terms of propagation. If the icon is highlighted in blue, the field has been synchronized with tenants. You can use the Push Field button to propagate the Custom Field, as necessary.

The screenshots below each show a list of Custom Fields for Incidents. This page is very similar to the equivalent page in a standard Cloud SOAR instance, but note the addition of two icons at the right side of each row. The circular icon is the Synchronized indicator. The arrow is the Push Field option.

When you mouse over the icons, you’ll see Synchronized and Push Field.

Push field button

Synchronized label

For more information about Custom Fields, see Customization.


Copyright © 2024 by Sumo Logic, Inc.