Managed services overview
LogSentinel SIEM is tailored to managed security service providers (MSSPs), allowing them to offer managed security services such as MDR (managed detection and response).
LogSentinel SIEM supports true multi-tenancy - one MSSP account can be used to monitor multiple customers. This is achieved through the "Data source groups / Tenants" functionality, under Sources and integrations.
Each data source group / tenant can contain multiple data sources. Search queries, alerts, reports, dashboards and other functionalities can be limited only to a given tenant. MSSP analysts can review them separately or jointly from the same login, without the need to switch accounts or switch tenants.
Data source groups support hierarchies, for cases where a single large customer has multiple subsidiaries monitored by the MSSP, or for other complex organizational structures.
Collectors and agents
The main components for log collection are collectors and agents. They can be downloaded with baked-in configuration for a particular tenant from the respective page (Collectors or Agents).
Collector and agent credentials are segregated so that no customer is able to send data on behalf of another customer.
Each tenant can have a dedicated default agent data source to which data from all agents can be sent.
Each user can be assigned to a data source group / tenant. If that's done, they only have access to that tenant's data sources and the respective alerts, reports and dashboards.
Because MSSPs offer a packaged service, they may want the customer to see their logo and color scheme in the SIEM. That's achievable through LogSentinel's whitelabeling functionality. Contact our partner support to choose an optional custom domain, logo and colors.