Use AI SOC MSSP Central

use this guide for day to day analyst and operations workflows in the central tenant after mssp sync is configured this page does not cover installing solution layers, configuring webhooks or assets, or onboarding a new client tenant choose your path if you need to go to configure webhooks, assets, or sync for client or central tenants configure ai soc mssp docid\ azfpz c qlu3elvszkllw add another customer client tenant onboard a client tenant docid\ fgkw7if8vsr9 hchdexus fix missing or stale sync validate and troubleshoot mssp sync docid\ qyesknwk rnsc1w1uax d first mssp deployment getting started for mssp docid\ ivvy6gxajwc34xvmnnqc mssp overview ai soc mssp docid\ euf wh3ljlamphbnkmvos daily workflow open the ai soc mssp central workspace review incoming and recently updated records in central case management filter by client name to inspect tenant specific workloads identify records requiring follow up with client soc teams review ti cache updates for frequently recurring observables use usage statistics to track workload and adoption across clients central reporting and dashboards use central applications and the ai soc mssp central workspace to monitor clients this is separate from per client reporting in ai soc core solution where what to use central tenant central case management , threat intelligence artifact cache , usage statistics , ai soc mssp central workspace each client tenant soc reporting workspace , roi calculator workspace , and analyst ai soc workspace (not duplicated on central) reporting goal recommended view compare workload by client central case list filtered by client name track update velocity record update trends over time spot recurring indicators across clients threat intelligence artifact cache searches and filters check tenant participation usage statistics by client for client tenant soc and roi dashboards, analysts work in that client’s tenant see dashboards docid\ aayntc5rumve6m xru 0 in the ai soc solution guide work with central case management use central case management as the aggregate visibility layer task action review new client activity sort by create time and filter by client name track case progression monitor status and last update fields over time validate propagation compare key values between client and central records confirm client ownership verify client metadata fields on each central record key central record fields to monitor field type why it matters client identity fields confirm source tenant and avoid cross client confusion client tracking identifier correlate central records back to client records quickly record status and last updated detect stale sync or delayed updates source record url jump directly to the originating client record for verification work with threat intelligence artifact cache use ti cache data to reduce duplicate enrichment and improve consistency open threat intelligence artifact cache search for observables linked to active central records confirm latest verdict and enrichment metadata are present track repeated indicators across multiple clients use cache history to detect stale or missing propagation request client side re enrichment use this workflow when central ti cache data is stale, incomplete, or must be refreshed after a provider or policy change open the ti cache record in threat intelligence artifact cache use requires re enrichment when it appears on the record layout or task list save the record and confirm the re enrichment request is stored on the ti cache record in the client tenant, confirm the observable receives a fresh enrichment pass on the next automation cycle your deployment uses for mssp ti sync use usage statistics use usage statistics to monitor operational health across clients metric type what to watch volume record growth by client and by period activity client update frequency and sync cadence coverage which clients are actively sending records trend sustained increase or drop in central activity operational best practices standardize client names to avoid duplicate or fragmented reporting views validate webhook and token configuration after every credential rotation (see configure ai soc mssp docid\ azfpz c qlu3elvszkllw ) review a sample of records from each active client every day escalate repeated sync lag quickly to prevent stale central visibility