SOAR for MSSPs
The SOAR for Managed Security Service Providers (MSSP) provides managed security service providers with the ability to manage multiple customers' cases from a single dashboard. Customer case data is stored separately, but can be accessed and viewed from one dashboard.
Two main persona for SOAR for MSSP are described below.
- Configuration and administration users
- The architecture is based on a Provider account and one or more Standard accounts. Standard accounts are nested under the Provider account and each Standard account represents the case data of one customer in the SOAR MSSP deployment. For more information, see the SOAR for MSSPs Configuration Guide.
- Security analysts
- For security analysts, the most relevant components of the architecture are the aggregated view of case data in the Provider account and the case data in the Standard accounts. The aggregated view of case data in the Provider account shows case data from different customer accounts in a single dashboard. This provides analysts with an overview of all of the cases that they are managing across all customer accounts. Analysts can then sort incidents by customer accounts and navigate from cases displayed in the Provider account to the customer-specific Standard accounts. Depending on your user role, you might not have permissions to access the Provider account. For more information, see the SOAR for MSSPs User Guide.