Solved: Deploying Separate Chronicle Instances for Prod &a...

AfvanJaffer · 12-03-2024 01:06 AM

Hey folks!

can anyone help me understand how can I deploy two chronicle instances(interfaces) for both prod & dev usecases ?

I need to separate them basically on the interface level like, backstory-prod URL for prod instances and the same for a staging or dev use.

how can I achieve such a separation ?

mikewilusz

If you have a Google Cloud Security account team I'd recommend starting there. Dev instances are possible, but it requires Google's involvement for the provisioning and to review the licensing.

-mike

View solution in original post

mikewilusz

If you have a Google Cloud Security account team I'd recommend starting there. Dev instances are possible, but it requires Google's involvement for the provisioning and to review the licensing.

-mike

AfvanJaffer

is it possible to have more than two instances ?

especially if we want to separate logs from different organization/department ?

not using the Data RBAC(I'm aware of it - but feels not the right choice here. )

dnehoda

Yes but there's cost associated with that and you would need 3 separate projects under your GCP org - each with its own secops instance.

AfvanJaffer

Could you please clarify what you mean by "cost"? Are you referring to anything that affects the existing license ?

I'm hoping the backend APIs will remain the same, even with multiple Chronicle interfaces deployed, so that we can make this separation feasible.

correct me If I'm wrong

dnehoda

You cant have multiple chronicle instances without the proper licensing. You would need to discuss this with your Google Account Team as Mike had suggested above.

Deploying Separate Chronicle Instances for Prod &amp; dev

Deploying Separate Chronicle Instances for Prod & dev