Domain separation and Threat Intelligence Security Center

Release version: Yokohama

Updated January 30, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Domain separation and Threat Intelligence Security Center

Domain separation is fully supported in the Threat Intelligence Security Center (TISC), allowing you to logically separate data, processes, and administrative tasks into distinct domains. This separation controls user access and visibility, ensuring that users from one domain cannot access the data of another. The feature is designed to support multiple service provider (SP) customers within a single instance, each with their own configurations and business logic.

Show full answer Show less

Key Features

Domain-aware configurations: All application properties and configuration records are domain-aware, with base system configurations residing in the global domain and cloned into tenant-specific domains.
Tenant-specific administration: Instance owners configure business logic and data parameters per tenant, while tenant domains manage their own application data consistent with platform capabilities.
Domain-specific notification rules: Base notification rules are provisioned in the global domain and must be cloned and enabled within each tenant domain to ensure proper notification management.
Support for domain-separated dashboards: Widgets using Performance Analytics indicators in the TISC Home dashboard are supported with additional configuration guidance available.
Plugin requirement: The Domain Support - Domain Extensions Installer plugin must be installed to enable domain separation features in TISC.

Practical Use and Configuration

After enabling domain separation, administrators access domain-specific setup via the “Setup TISC” button in the TISC Administration module to clone global configurations into respective domains. Administrators should only modify domain-specific configurations and avoid changes in the global domain to maintain separation integrity. All tables in TISC are domain separated to isolate tenant data effectively.

Key Outcomes for ServiceNow Customers

Improved multi-tenancy by logically segregating data and processes within a single instance.
Enhanced data security and access control by restricting users to their respective domains.
Customizable business logic and notifications per tenant to accommodate specific requirements.
Streamlined management of domain-specific configurations through dedicated setup tools.

Domain separation is supported for Threat Intelligence Security Center. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can control several aspects of this separation, including which users can see and access data.

Support level: Standard

Includes all aspects of Basic level support.
Application properties are domain-aware as needed.
Business logic: The service provider (SP) creates or modifies processes per customer. The use cases reflect proper use of the application by multiple SP customers in a single instance.
The instance owner must configure the minimum viable product (MVP) business logic and data parameters per tenant as expected for the specific application.

Sample use case: An admin must be able to make comments required when a record closes for one tenant, but not for another.

For more information on support levels, see Application support for domain separation.

Overview

Domain separation is enabled for all the features of Threat Intelligence Security Center.

How domain separation works in Threat Intelligence Security Center

All the configuration related records that are provisioned in the base system are shipped in the global domain. In case the instance is domain separated, users would see an explicit button Setup TISC under the Administration module of the TISC workspace. Click on this button to clone the base system provisioned global domain configurations into the respective domains.
Figure 1. Domain Separation

Note:
Users should only enable or modify domain specific configuration records and should not enable or modify configuration records in the global domain.
Couple of platform notification rules (sysevent_email_action) are provisioned in the base system, these notification rules should be cloned into required domains and only domain specific notification rules need to be enabled.
Note:
For more information on the rules notifications, navigat to System Notification > Notifications and filter for all the global domain notification rules defined on the tables starting with name sn_sec_tisc to understand how users can identify the base notification rules that are provisioned in the base system.
All the configurations and data ingested will be specific to each domain, which means that users from one domain will not be able to access data from other domain.
Configure a domain-separated environment with this application by installing Domain Support - Domain Extensions Installer plugin.
There are domain columns added for all the base system application tables.
Using the Platform provided functionality the tenant domains manage their own application data.
The business logic and processes that can be domain-separated by instance owner is same as what Platform supports.
The business logic and processes that can be administered by tenant domain is same as what platform supports.
You can access the Setup page from the Administration section. Click on the link provided under the Administration section to view the domain separation view.
To support the domain separation for the widgets using Performance Analytics (PA) indicators in the TISC Home dashboard, refer to the KB article KB1647990 for detailed procedure.

Domain Separated tables

All the tables are domain separated.

Use cases

All features of this application are domain separated.