Introduction
For Managed Security Service Providers (MSSPs) with MSSP Chronicle licenses, integrating Google Chronicle instances with Resolution Intelligence Cloud™ can be greatly simplified. Instead of manually configuring and setting up Chronicle instances at each tenant level, MSSPs can use their MSSP license credentials to automatically create Chronicle instances at the tenant level of a multi-tenant account hierarchy. This automated setup streamlines the Bring Your Own Chronicle (BYOC) process, allowing MSSPs to manage their instances efficiently across multiple clients.
Multi-Tenant Account Hierarchy Setup
The platform supports a 3-level account hierarchy for organizing MSSP clients:
- L1 – Domain: The highest level in the hierarchy, representing the MSSP’s entire organization.
- L2 – Organization: Subdivisions under the domain, often representing individual business units or major client groups.
- L3 – Tenant: The individual client accounts under each organization.
In this hierarchy, Chronicle MSSP licenses can be configured at the Domain or Organization level, while a Chronicle SecOps instance can be created at each Tenant level using the master credentials from the Domain or Organization, based on the MSSP’s requirements.
Chronicle Setup in a Multi-Tenant Environment
For MSSPs holding an MSSP Chronicle SecOps license, the process of setting up Chronicle instances can be automated within the multi-tenant hierarchy. This is achieved by applying the MSSP license credentials at the “Domain” or “Organization” level, which allows all associated tenants to inherit the license. This method eliminates the need to manually provide keys for each tenant, significantly reducing the setup complexity for the BYOC scenario.
Benefits of MSSP License Automation in Multitenancy
- Automated Setup: Automatically create Chronicle instances at the tenant level using the MSSP license uploaded at Domain or Organization without manually configuring at each Tenant level.
- Centralized Management: Apply Chronicle license credentials once at the Domain or Organization level, and all child levels (tenants) use the license to set up a Chronicle instance.
- Simplified Scaling: Easily add new tenants under existing organizations and inherit the license configuration, supporting efficient scaling.
Configuration Options for MSSP Chronicle Integration
Configuring Chronicle MSSP License at the Domain Level (BYOC)
At the Domain level, MSSPs can configure their Chronicle license using their own MSSP license from Google. This configuration is inherited by all organizations and tenants within the Domain, allowing automated Chronicle instance creation at the Tenant level.
Prerequisites
- Google Chronicle (MSSP) license with credentials
Permissions Required
Users with the following roles can configure the Chronicle instance:
- Global Admin
- Owner
- User with Manager role
- Configuration Manager
Steps to Configure Chronicle MSSP License at the Domain Level
1. Click the gear icon at the top of the page.
2. In the left menu, under Data Ingestion, click Integrations. This takes you to the integrations page.
3. Locate and click the Chronicle tile.
4. Click Enable to enable the Chronicle integration.
5. Click Choose File to upload your Google Developer Service Account credentials (Credentials file) in JSON or .txt format.
6. Click Link Chronicle Instance to configure the Chronicle license.
Once the setup is complete, any organization under this Domain can inherit the MSSP Chronicle license credentials without requiring separate configurations. Each of the Tenants under this Domain can use the same MSSP license credentials to create a Chronicle instance.
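Because a credentials file uploaded at the Domain level backs every inheriting organization and tenant, it is worth checking the file before the Choose File step. The following is an added example, not part of the platform or the original article; it assumes the file follows the standard Google service account key JSON layout and that it sits on a POSIX file system, and the sample values are constructed.

```python
import json
import os
import stat
import tempfile

# Fields of a standard Google service account key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "token_uri")
# Constructed sample, not a real key.
SAMPLE = {
    "type": "service_account",
    "project_id": "example-mssp-project",
    "private_key_id": "0000constructed0000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "chronicle@example-mssp-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}


def preflight(path):
    """Return a list of problems found in the credentials file at `path`."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"file mode {mode:o} lets group/other access the key")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except ValueError as exc:  # covers JSON and UTF-8 decoding errors
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(data, dict):
        return problems + ["top-level JSON value is not an object"]
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if data.get("type") != "service_account":
        problems.append(f"type is {data.get('type')!r}, expected 'service_account'")
    if not str(data.get("client_email", "")).endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    if not str(data.get("private_key", "")).startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM private key")
    return problems


if __name__ == "__main__":
    fd, tmp = tempfile.mkstemp(suffix=".json")  # created with mode 0600
    with os.fdopen(fd, "w") as fh:
        json.dump(SAMPLE, fh)
    print(preflight(tmp) or "ok")
    os.remove(tmp)
```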
Configure MSSP License or Inherit Chronicle Credentials from the Domain Level
When adding an organization, users can choose to either inherit the Chronicle license from the parent organization or bring their own Chronicle (BYOC) license from Google. If BYOC is selected, the user must upload their credentials file.
Inherit Chronicle Credentials from Domain Level
If they choose to inherit from the organization, the Chronicle MSSP license will automatically be inherited from the parent organization.
- Click the gear icon at the top.
- In the left menu, under Data Ingestion, click Integrations. This takes you to the integrations page.
- Locate and click the Chronicle tile.
- Click Enable.
Once Chronicle is enabled, a screen appears confirming the successful configuration of the Chronicle license.
Bring a separate MSSP License for a specific Organization
If the user prefers not to inherit the Chronicle MSSP license from the parent Domain level, they can opt to use their own Chronicle MSSP Credentials. Selecting this option allows the user to upload their keys, and the interface adjusts to support the setup of their own Chronicle instance. The user can then follow the process below to upload their keys at this level.
1. Click Enable to proceed to the screen where you upload the credentials file.
2. Click Choose File to upload the Google Developer Service Account credentials file in JSON or .txt format.
3. Click Link Chronicle Instance. Once completed, the Chronicle license will be configured.
Once the setup is complete, any tenant under this organization can use these Chronicle license credentials to create a Chronicle instance without requiring separate configurations.
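With inheritance, one uploaded credentials file can back many accounts, so key rotation or incident scoping starts with knowing which accounts resolve to which credential. The sketch below is an added example that models the inheritance rule this article describes (nearest level with its own credential wins); it is not the platform's implementation, and the account names and credential labels are constructed.

```python
from collections import defaultdict

# Constructed hierarchy: name -> (parent, credential uploaded at this level or None).
# Labels stand for a key's identifier, never the key material itself.
ACCOUNTS = {
    "mssp-domain":   (None,          "sa-domain"),
    "org-retail":    ("mssp-domain", None),          # inherits from the Domain
    "org-finance":   ("mssp-domain", "sa-finance"),  # brought its own license
    "tenant-shop-a": ("org-retail",  None),
    "tenant-shop-b": ("org-retail",  "sa-shop-b"),   # tenant-level BYOC
    "tenant-bank-a": ("org-finance", None),
    "tenant-bank-b": ("org-finance", None),
}


def effective_credential(name, accounts=ACCOUNTS):
    """Walk up the hierarchy to the nearest level that uploaded a credential.

    Returns (credential, level_where_it_was_uploaded) or (None, None).
    """
    seen = set()
    while name is not None:
        if name in seen:
            raise ValueError(f"cycle in hierarchy at {name}")
        seen.add(name)
        parent, cred = accounts[name]
        if cred:
            return cred, name
        name = parent
    return None, None


def blast_radius(accounts=ACCOUNTS):
    """Map each credential to every account that depends on it."""
    users = defaultdict(list)
    for name in accounts:
        cred, _ = effective_credential(name, accounts)
        users[cred].append(name)
    return dict(users)


if __name__ == "__main__":
    for cred, names in blast_radius().items():
        print(cred, "->", ", ".join(names))
```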
Setting Up Chronicle Instance at the Tenant Level (BYOC)
At the Tenant level, the platform uses the inherited MSSP license credentials to automatically create Chronicle SecOps instances. This enables a seamless configuration process where MSSPs don’t need to provide Chronicle keys for each tenant individually.
Prerequisites
Ensure that Chronicle instances are enabled at the Organization level.
Steps to Inherit Chronicle Credentials from the Organization Level
- Click the gear icon at the top.
- In the left menu, under Data Ingestion, click Integrations. This takes you to the integrations page.
- Locate and click the Chronicle tile.
- Click Enable to activate the Chronicle instance. The configurations will be applied based on your selected plan.
A dialog box will appear, asking you to confirm enabling the Chronicle instance. Click Yes, Enable.
Once confirmed, the Chronicle instance will be enabled, initiating the instance creation process. You can monitor the progress of each configuration step in real time. Refer to the Monitoring Chronicle instance set up process article for more details.
Note: A Tenant can also have a separate Chronicle instance. Select BYOC (bring your own license from Google) and follow the steps to set up a Chronicle instance at the Tenant level. In this case, users must complete both the SSO and Chronicle setup processes manually. To configure Chronicle instances at the tenant level manually within a multi-tenant setup, refer to these support articles: