FortiSOAR Discussions
srivastavad
Staff

FortiSOAR's Multi Tenancy Addons Solution Pack

Imagine you are an MSSP using FortiSOAR's Multi Tenancy Addons Solution Pack to manage the security operations for multiple clients, each having their own isolated environments. One day, you receive a threat intelligence alert indicating that a particular domain is hosting malicious content, and it poses a significant security risk to your clients. You need to block access to this domain across all your tenants promptly. Here's how you can use the solution pack in this scenario:

Alert and Analysis: You receive the threat intelligence alert about the malicious domain. You analyze the data and confirm the threat's severity and relevance to your tenants.

Remote Playbook Configuration: Using FortiSOAR's Multi Tenancy Addons Solution Pack, you create or configure a remote executable playbook. This playbook contains the necessary actions to block the malicious domain, such as updating firewall rules or DNS configurations. Importantly, the playbook is designed to be agnostic of the specific tenant configurations.

Tenant Selection: You select the tenants that are potentially at risk from this threat and to whom you want to apply the mitigation actions. With the multi-tenancy support, you can target specific clients while keeping other clients' configurations intact.

Execution: You execute the remote playbook from the master node. This playbook will then communicate with the respective tenant nodes and carry out the required mitigation actions, such as blocking the malicious domain.

Monitoring and Verification: You monitor the execution progress and verify that the mitigation actions were successful. This might involve confirming that the malicious domain is now inaccessible within the selected tenants' environments.

Notification: Once the threat is mitigated successfully across the affected tenants, you can send notifications or reports to your clients, informing them of the action taken to enhance their security.

By utilizing the Multi Tenancy Addons Solution Pack in this use case, you can efficiently respond to security threats that impact multiple tenants in your MSSP network. This centralized management approach ensures a swift and consistent response while also keeping the tenants' configurations separate and secure.

Reference: https://fortisoar.contenthub.fortinet.com//detail.html?entity=multiTenancyAddons&version=1.0.1&type=...

 
