Getting Started for MSSP

use this guide to complete first time ai soc mssp deployment and verify data flow between one client tenant and one central tenant prerequisites you have administrative access to both client and central tenants hero ai and base ai soc capabilities are available in the client tenant you can edit assets, webhooks, and playbook related settings in both tenants you have network access between client and central endpoints you have a valid admin privatetoken (personal access token) for central swimlane api operations used by ai soc mssp central sync you can create or copy a swimlane pat and session cookie for core client tenant assets ( turbine tenant credentials and ai soc tenant configuration ) install in the required order install ai soc core solution in the client tenant install ai soc mssp client extension in the client tenant install ai soc mssp central solution in the central tenant confirm installation completion in each tenant before configuration configure ai soc mssp after installation, complete all configuration steps in configure ai soc mssp docid\ azfpz c qlu3elvszkllw configure the client tenant (core assets, mssp sync assets, optional alert webhook) configure the central tenant (ingestion webhook, playbooks, workspace, applications) validate first data flow in the client tenant, ingest a test record through normal ai soc ingestion open the record and verify enrichment completes in the client workflow in the central tenant, open central case management and verify the client record appears open threat intelligence artifact cache and verify associated ti cache data appears or updates confirm record metadata identifies the originating client tenant if validation fails, see validate and troubleshoot mssp sync docid\ qyesknwk rnsc1w1uax d validation sign off checklist configuration in configure ai soc mssp docid\ azfpz c qlu3elvszkllw is complete for client and central tenants client record is visible in central within your expected sync window client name is populated correctly on central records ti cache updates are visible for at least one observable from the test record a second update to the same client record propagates to central expected results area expected outcome client workflow record is created and updated normally in client case management central visibility related record is created or updated in central case management ti cache observable level enrichment cache appears in central ti cache application sync metadata last sync and tracking metadata updates after propagation