08-01-2023 06:24 AM
in a multi tenant environment, should I forward all the system configurations to tenants or are some of them meant only for hosts?
CSP cases in particular, can be pretty confusing. CSP tells me to put a sys config on the main account and in another comment they say to set the conf on the host as well and in some they recommend forwarding it to tenants. How should I approach to system configurations when dealing with multiple configuration endpoints without having to confirm the configuration level.
For example:
https://xsoar.local/host_2/#/settings/troubleshooting
https://xsoar.local/#/settings/troubleshooting
https://xsoar.local/acc_TEST#/settings/troubleshooting
08-01-2023 07:54 AM - edited 08-01-2023 07:55 AM
Server configurations that you want to be the same across all Tenants should be set at the main and forwarded to the Tenants. This way you can update the configuration at the main and it will be sync'd across, versus having to do it individually. This makes your administration much easier.
Examples might configurations like Docker Hardening configs, instance.execute.external for external long running integrations, etc.
Configurations that are different by Tenant should be set at the Tenant level. For example, you may have different close reasons for Incidents on different Tenants, so setting the incident.closereasons config individually is the way go to.
So basically TLDR:
If it's common across all -> Set at Main and Forward.
If it's unique -> Set at Tenant.
08-01-2023 07:54 AM - edited 08-01-2023 07:55 AM
Server configurations that you want to be the same across all Tenants should be set at the main and forwarded to the Tenants. This way you can update the configuration at the main and it will be sync'd across, versus having to do it individually. This makes your administration much easier.
Examples might configurations like Docker Hardening configs, instance.execute.external for external long running integrations, etc.
Configurations that are different by Tenant should be set at the Tenant level. For example, you may have different close reasons for Incidents on different Tenants, so setting the incident.closereasons config individually is the way go to.
So basically TLDR:
If it's common across all -> Set at Main and Forward.
If it's unique -> Set at Tenant.
08-02-2023 12:35 AM
are there any cases where you should put the configuration in the main account and the host rather than tenant?
08-02-2023 07:42 AM
Not that I can think of at this time.
It should be called out in the Server Configuration documentation if there are any exceptions, and I don't see any:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
