Architecture and overview
The IBM® Security QRadar SOAR for Managed Security Service Providers (MSSPs) architecture consists of two IBM Security QRadar Suite account types: one Provider account and multiple Standard accounts, where each Standard account represents a distinct set of customer case data.
The Standard accounts contain the case data for each customer in the SOAR MSSP deployment. The Provider account contains an aggregated view of case data from the Standard accounts in the SOAR MSSP deployment. The Provider account is also used for management and configuration of the SOAR MSSP deployment.
- SOAR MSSP analysts with access to Provider account and Standard accounts
- SOAR MSSP analysts who have access to the Provider account and one or more Standard accounts.
- The SOAR MSSP administrator assigns custom roles to these users, as needed.
- SOAR MSSP analysts with access to Standard accounts only
- SOAR MSSP analysts who have access to one or more Standard accounts without access to the Provider account.
- All of these users have the same set of permissions in Standard accounts, provided by the
Default role. The administrator can configure the permissions provided by the
Default role, but all of the users who have access only to Standard accounts have the same set of permissions.
- The aggregated view of case data in the Provider account shows case data from different customer accounts in a single dashboard. This provides analysts with an overview of all of the cases that they are managing across all customer accounts. Analysts can then sort incidents by customer accounts and navigate from cases displayed in the Provider account to the customer-specific Standard accounts. Depending on your user role, you might not have permissions to access the Provider account.
- Standard accounts contain case data for each customer account managed by in the SOAR MSSP deployment. The Standard accounts enable different customers' data to be stored separately. Each Standard account contains case data for one customer account and also contains configuration data inherited from the Provider account.
Use the User Guide for guidance on using the features in regular non-MSSP accounts. Use this guide for information about the aggregated case view in the Provider account and differences between non-MSSP accounts and MSSP accounts.