Multitenancy in the QRadar Advisor with Watson app

The QRadar® Advisor with Watson™ app supports multitenant investigations and can investigate QRadar offenses for multiple domain environments (tenants).

QRadar Advisor with Watson multitenancy support allows security analysts to investigate the offenses or quick search results on a per customer (domain) basis. It also secures offense data that is provided throughout the investigation process by using private containers for each customer ID that is defined within your QRadar multitenant configuration.

QRadar environments that use a properly configured offense model with domain IDs provided within the offense, help QRadar Advisor with Watson to distinctly investigate and determine which analysis belongs to each tenant.

QRadar security profiles control segregation and the ability to view individual investigation data within the QRadar Advisor with Watson investigations in the multitenant environment. By default, a user is able to view all offenses from all supported tenants (domains) that were investigated on the Watson Investigations page.

Global domain offenses created from correlation rules that trigger across domains contain data that resides across domains and can only be investigated, analyzed, and viewed if the QRadar permission model allows.

Note: QRadar Advisor with Watson support for multitenancy is limited to one Advisor application with the same configuration per tenant per QRadar instance.