Domain separation and Threat Intelligence Security Center

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation and Threat Intelligence Security Center

    Domain separation within the Threat Intelligence Security Center (TISC) allows for logical grouping of data, processes, and administrative tasks into distinct domains. This capability enables controlled access to data by specific users, ensuring that data from one domain remains inaccessible to users from another domain.

    Show full answer Show less

    Key Features

    • Standard Support: Includes all aspects of Basic level support, with domain-aware application properties as needed.
    • Configuration Management: Instance owners can configure business logic and data parameters per tenant, tailored to specific application needs.
    • Global Domain Provisioning: Configuration records are provisioned in the global domain, with an option to clone these settings into respective domains via the Setup TISC button in the TISC workspace.
    • Domain-Specific Notifications: Notification rules in the base system need to be cloned into required domains, with only domain-specific rules enabled.
    • Domain Extensions Installer Plugin: This plugin is required to configure a domain-separated environment.

    Key Outcomes

    Implementing domain separation in TISC allows for:

    • Enhanced data security by ensuring users access only their designated data.
    • Customization of business logic and processes per tenant, catering to unique organizational needs.
    • Improved management of application data through tenant domains, with each domain maintaining its own configurations and data.

    For further assistance regarding widget support using Performance Analytics indicators in the TISC Home dashboard, refer to the relevant knowledge base article.

    Domain separation is supported for Threat Intelligence Security Center. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Standard

    • Includes all aspects of Basic level support.
    • Application properties are domain-aware as needed.
    • Business logic: The service provider (SP) creates or modifies processes per customer. The use cases reflect proper use of the application by multiple SP customers in a single instance.
    • The instance owner must configure the minimum viable product (MVP) business logic and data parameters per tenant as expected for the specific application.

    Sample use case: An admin must be able to make comments required when a record closes for one tenant, but not for another.

    For more information on support levels, see Application support for domain separation.

    Overview

    Domain separation is enabled for all the features of Threat Intelligence Security Center.

    How domain separation works in Threat Intelligence Security Center

    • All the configuration related records that are provisioned in the base system are shipped in the global domain. In case the instance is domain separated, users would see an explicit button Setup TISC under the Administration module of the TISC workspace. Click on this button to clone the base system provisioned global domain configurations into the respective domains.
      Figure 1. Domain Separation
      TISC Domain Separation
      Note:
      Users should only enable or modify domain specific configuration records and should not enable or modify configuration records in the global domain.
    • Couple of platform notification rules (sysevent_email_action) are provisioned in the base system, these notification rules should be cloned into required domains and only domain specific notification rules need to be enabled.
      Note:
      For more information on the rules notifications, navigat to System Notification > Notifications and filter for all the global domain notification rules defined on the tables starting with name sn_sec_tisc to understand how users can identify the base notification rules that are provisioned in the base system.
    • All the configurations and data ingested will be specific to each domain, which means that users from one domain will not be able to access data from other domain.
    • Configure a domain-separated environment with this application by installing Domain Support - Domain Extensions Installer plugin.
    • There are domain columns added for all the base system application tables.
    • Using the Platform provided functionality the tenant domains manage their own application data.
    • The business logic and processes that can be domain-separated by instance owner is same as what Platform supports.
    • The business logic and processes that can be administered by tenant domain is same as what platform supports.
    • You can access the Setup page from the Administration section. Click on the link provided under the Administration section to view the domain separation view.
    • To support the domain separation for the widgets using Performance Analytics (PA) indicators in the TISC Home dashboard, refer to the KB article KB1647990 for detailed procedure.

    Domain Separated tables

    All the tables are domain separated.

    Use cases

    All features of this application are domain separated.