SOAR MSSP architecture and overview
The IBM Security® QRadar® SOAR for Managed Security Service Providers (MSSPs) add-on architecture consists of three different organization types: one configuration organization, one global dashboard, and multiple child organizations. The configuration organization is used to create and maintain the configuration settings which are then propagated to the global dashboard and child organizations. The global dashboard contains one or more child organizations, where each child organization contains distinct customer data.
The following graphic shows the architecture.
- The global dashboard shows combined incident data from different customer accounts into a single dashboard. This provides analysts with an overview of all of the incidents that they are managing across all customer accounts. Analysts can then sort incidents by customer accounts and navigate from incidents displayed in the global dashboard to the customer-specific child organizations. The global dashboard is a child of the configuration organization and inherits its configuration from the configuration organization. The administrator creates and manages the configuration organization.
- Child organizations contain incident data for each customer account managed by the security service provider. The child organizations enable different customers' data to be stored separately. Each child organization contains incident data for one customer account and the configuration data inherited from the configuration organization. When creating a child organization type, the administrator specifies a parent organization, which is the global dashboard for theSOAR for MSSPs add-on deployment.
Use the User Guide for guidance on using the features in child organizations, and use this guide for information about using the global dashboard and navigating between the global dashboard and child organizations.
When you first log on to the SOAR Platform, change your password.