Domain separation and Threat Intelligence Security Center

  • Release version: Washingtondc
  • Updated April 17, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Domain Separation and Threat Intelligence Security Center

    Domain separation in Threat Intelligence Security Center allows for the logical grouping of data, processes, and administrative tasks into distinct domains. This feature enhances data privacy by controlling user access based on their domain affiliation. It is essential for managing multiple service provider (SP) customers within a single instance while maintaining proper data segregation.

    Show full answer Show less

    Key Features

    • Domain Awareness: Application properties are designed to be aware of domain-specific configurations.
    • Configuration Management: Users can clone base system configurations into their respective domains via the Setup TISC button in the Administration module.
    • Data Isolation: Each domain operates independently, ensuring users cannot access data from other domains.
    • Domain Columns: Base system application tables include domain columns for better management.

    Key Outcomes

    By utilizing domain separation, customers can:

    • Ensure secure data management across multiple tenants.
    • Custom tailor business logic and processes for each domain as per specific application requirements.
    • Maintain compliance and data integrity by restricting access to domain-specific information.
    • Leverage Performance Analytics indicators in domain-separated widgets for tailored insights.

    To implement domain separation effectively, install the Domain Support - Domain Extensions Installer plugin and refer to relevant notifications and guidelines provided in the system.

    Domain separation is supported for Threat Intelligence Security Center. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

    Support level: Standard

    • Includes all aspects of Basic level support.
    • Application properties are domain-aware as needed.
    • Business logic: The service provider (SP) creates or modifies processes per customer. The use cases reflect proper use of the application by multiple SP customers in a single instance.
    • The instance owner must configure the minimum viable product (MVP) business logic and data parameters per tenant as expected for the specific application.

    Sample use case: An admin must be able to make comments required when a record closes for one tenant, but not for another.

    For more information on support levels, see Application support for domain separation.

    Overview

    Domain separation is enabled for all the features of Threat Intelligence Security Center.

    How domain separation works in Threat Intelligence Security Center

    • All the configuration related records that are provisioned in the base system are shipped in the global domain. In case the instance is domain separated, users would see an explicit button Setup TISC under the Administration module of the TISC workspace. Click on this button to clone the base system provisioned global domain configurations into the respective domains.
      Figure 1. Domain Separation
      TISC Domain Separation
      Note:
      Users should only enable or modify domain specific configuration records and should not enable or modify configuration records in the global domain.
    • Couple of platform notification rules (sysevent_email_action) are provisioned in the base system, these notification rules should be cloned into required domains and only domain specific notification rules need to be enabled.
      Note:
      For more information on the rules notifications, navigat to System Notification > Notifications and filter for all the global domain notification rules defined on the tables starting with name sn_sec_tisc to understand how users can identify the base notification rules that are provisioned in the base system.
    • All the configurations and data ingested will be specific to each domain, which means that users from one domain will not be able to access data from other domain.
    • Configure a domain-separated environment with this application by installing Domain Support - Domain Extensions Installer plugin.
    • There are domain columns added for all the base system application tables.
    • Using the Platform provided functionality the tenant domains manage their own application data.
    • The business logic and processes that can be domain-separated by instance owner is same as what Platform supports.
    • The business logic and processes that can be administered by tenant domain is same as what platform supports.
    • You can access the Setup page from the Administration section. Click on the link provided under the Administration section to view the domain separation view.
    • To support the domain separation for the widgets using Performance Analytics (PA) indicators in the TISC Home dashboard, refer to the KB article KB1647990 for detailed procedure.

    Domain Separated tables

    All the tables are domain separated.

    Use cases

    All features of this application are domain separated.