[Multi-Tenant] System configuration levels

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Multi-Tenant] System configuration levels

L3 Networker

in a multi tenant environment, should I forward all the system configurations to tenants or are some of them meant only for hosts?

CSP cases in particular, can be pretty confusing. CSP tells me to put a sys config on the main account and in another comment they say to set the conf on the host as well and in some they recommend forwarding it to tenants. How should I approach to system configurations when dealing with multiple configuration endpoints without having to confirm the configuration level.

For example:
https://xsoar.local/host_2/#/settings/troubleshooting
https://xsoar.local/#/settings/troubleshooting
https://xsoar.local/acc_TEST#/settings/troubleshooting

 

1 accepted solution

Accepted Solutions

L4 Transporter

Server configurations that you want to be the same across all Tenants should be set at the main and forwarded to the Tenants.  This way you can update the configuration at the main and it will be sync'd across, versus having to do it individually.  This makes your administration much easier.

 

Examples might configurations like Docker Hardening configs, instance.execute.external for external long running integrations, etc.

 

Configurations that are different by Tenant should be set at the Tenant level.  For example, you may have different close reasons for Incidents on different Tenants, so setting the incident.closereasons config individually is the way go to. 

 

So basically TLDR:

 

If it's common across all -> Set at Main and Forward.

If it's unique -> Set at Tenant.

 

 

 

View solution in original post

3 REPLIES 3

L4 Transporter

Server configurations that you want to be the same across all Tenants should be set at the main and forwarded to the Tenants.  This way you can update the configuration at the main and it will be sync'd across, versus having to do it individually.  This makes your administration much easier.

 

Examples might configurations like Docker Hardening configs, instance.execute.external for external long running integrations, etc.

 

Configurations that are different by Tenant should be set at the Tenant level.  For example, you may have different close reasons for Incidents on different Tenants, so setting the incident.closereasons config individually is the way go to. 

 

So basically TLDR:

 

If it's common across all -> Set at Main and Forward.

If it's unique -> Set at Tenant.

 

 

 

L3 Networker

are there any cases where you should put the configuration in the main account and the host rather than tenant?

 

L4 Transporter

Not that I can think of at this time. 

 

It should be called out in the Server Configuration documentation if there are any exceptions, and I don't see any:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.11/Cortex-XSOAR-Administrator-Guide/Server...

  • 1 accepted solution
  • 1287 Views
  • 3 replies
  • 0 Likes
  • 31 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!