Ability to connect to multiple backend systems with on integration/function

Today there is the MSSP capability for Resilient, where one installation of resilient can handle the incidents of multiple MSSP customers.

On the case that one simple technology like AD/LDAP (each customer has it's own LDAP) would like to be included on the enrichment/analysis or Response phases, there's no way to have 2 or 3 different LDAP one for each MSSP customers.

The same it's true for enrichment kind of functions like X-Force Collections for Resilient. For example the MSSP should be able to provide different API Keys for each customer. So in the case there's a paid Threat Intell API, you should have the capability of using each API key independently.

The previous requirements it's valid for MSSP deployments and for normal deployments of Resilient.

In normal customer environements there are backend system where the customer only has just one installation for example a SIEM. But for other backends customer normally can have more than one, like:

  • AD/LDAP one for internal users, one for external users.

  • Guardium it's not always true that you have just one Guardium appliances, customer may have several boxes, some for PCI an others separated for normal DBs.

  • Custom functions to take action to servers directly like a firewalls where customer may have not just one console to manage all, but could manage several consoles or manage each firewall independly.



  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Oct 1 2020
  • Future consideration
  • Attach files