AI SOC MSSP
Use this guide set to deploy, operate, and validate AI SOC in a managed service provider (MSSP) model with client tenants and a central tenant.

MSSP mode overview

AI SOC MSSP mode keeps each client tenant operationally independent while giving MSSP teams centralized visibility in a dedicated central tenant.

- Client tenants continue to run local ingestion, triage, enrichment, and investigation.
- The central tenant receives selected synchronized records for oversight, quality monitoring, and cross-client reporting.

How AI SOC MSSP works

AI SOC MSSP deployment uses three solution layers.

| Solution layer | Install tenant | Purpose |
| --- | --- | --- |
| AI SOC Core Solution | Client tenant | Base AI SOC applications, workflows, dashboards, and playbooks |
| AI SOC MSSP Client Extension | Client tenant | Sends case and TI cache updates from client to central tenant |
| AI SOC MSSP Central Solution | Central tenant | Receives client records and maintains central visibility, TI cache, and reporting views |

Architecture of MSSP mode

| Tenant role | Primary responsibility | Typical data scope |
| --- | --- | --- |
| Client tenant | Detect, triage, investigate, and resolve customer alerts | Single-customer records and tenant-local operations |
| Central tenant | Aggregate synchronized records across clients | Multi-client oversight and centralized reporting views |

Tenant roles

Client tenant

- Receives and processes customer alerts using standard AI SOC workflows.
- Runs triage and investigation in Case Management.
- Configures core tenant assets (AI SOC Tenant Configuration, Turbine Tenant Credentials) and optional SOC Reporting and ROI Calculator workspaces from AI SOC Core Solution.
- Configures AI SOC MSSP Client Configuration and AI SOC MSSP Central Sync so case and TI cache updates reach the central tenant (including tenant base URL and privatetoken for central Swimlane API calls).
- Optionally uses the Alert Ingestion AI SOC MSSP Client Webhook when your design routes MSSP client alert traffic through that ingress path.
- Sends selected case and TI cache updates to the central tenant.

Central tenant

- Aggregates data across client tenants for MSSP oversight.
- Uses the Ingest Record from Client Webhook and central MSSP playbooks (no separate central MSSP configuration assets in current packages).
- Provides centralized record visibility in central Case Management.
- Stores multi-tenant TI cache data in Threat Intelligence Artifact Cache.
- Can mark TI cache records for client-side re-enrichment when enrichment must be refreshed.
- Supports shared reporting and usage visibility.

Flow overview

1. Client tenant ingest and investigation workflows create or update records.
2. MSSP sync configuration sends selected case and TI cache updates to the central tenant.
3. Central tenant receives and stores synchronized updates.
4. MSSP analysts use central applications and dashboards for cross-client monitoring.
5. Client teams continue remediation and case handling in their own tenant workflows.

Choose your path

| If you need to | Use this guide |
| --- | --- |
| Configure client and central tenants (assets, webhook, sync) | Configure AI SOC MSSP |
| Perform first deployment and baseline validation | Getting started for MSSP |
| Add an additional customer environment | Onboard a client tenant |
| Work day to day in the central tenant | Use AI SOC MSSP Central |
| Confirm data propagation and resolve sync failures | Validate and troubleshoot MSSP sync |

Related AI SOC guides

| If you want to | Go to |
| --- | --- |
| Run first investigation workflows in a client tenant | Getting started |
| Configure base AI SOC tenant assets (PAT, cookie, TI, correlation) | Installing and configuring AI SOC solution and Configure custom assets |
| Learn AI SOC applications and dashboards | AI SOC applications and Dashboards and reports |
| Review operational and troubleshooting guidance | Operations and guidance and Troubleshooting |