Solved: Multi Tenancy & Forwarder Labels

0xRPCW-SecOps · 10-15-2024 11:38 AM

Greetings--

Piggybacking on this post:
https://www.googlecloudcommunity.com/gc/SOAR-Forum/Using-Environments-for-Multi-Tenancy/m-p/687636#M...

Are there any guides or syntax about how to link or associate
Forwarder Labels and Ingestion Labels and/or NameSpaces
to their respective Environments to support a multi-tenancy deployment?

e.g. I see in yaml:
env: dev

Any advice is helpful.
Thank you!!

dlove40

If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#connector_inp...

View solution in original post

cmmartin_google

I wrote up a series on apply Data RBAC in Chronicle SIEM and Chronicle in these two posts:

This provides examples of how to plan for using either Namespaces or Ingestion Labels and aligning the configuration across SIEM and SOAR components.

dlove40

If you're wanting to have a SOAR case created in a defined SOAR environment based on the ingestion label, you can define the environment details in the advanced section of the Google Chronicle SOAR connector.

https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#connector_inp...

Webinar May 29th: Log Ingestion: Bindplane + Google SecOps

Multi Tenancy & Forwarder Labels