Managed Service Providers (MSS) Integration

Introduction

Logsign helps organizations improve their cyber resilience by avoiding risks and chaos, and ensures compliance with relevant regulations, by bringing together all data, threat detection, investigation and incident response capabilities on a single, unified platform.

This is achieved through the integration of various native Logsign tools such as Security Information and Event Management (SIEM), Threat Intelligence, User Entity Behaviour Analytics (UEBA), and Threat Detection, Investigation, Response (TDIR).

Logsign Unified SecOps Platform is a comprehensive security tool that enables you to create a data lake, investigate threats and vulnerabilities, analyze risks, and respond to threats automatically.

The platform’s automation and orchestration capabilities come from SOAR experience and are involved in every stage of the detection, investigation, and response processes. This enables the eradication and mitigation of threats and vulnerabilities in seconds, reducing MTTD and MTTR.

As a Unified Security Operations Platform, it works seamlessly with other components of a Security Operations Center.

This document explains the MSS integration between the centralized USO Platform and the End Users' platforms.

Incident Forwarding Process on End Users' USO Platform

First, define the integration on the "Responses" tab under Integrations in the USO Platform.


Then add the MSS integration in the Action Rules section of the Logsign Unified SecOps Platform.

Click "+Add" under the Settings-Action Rules tab.

Select the alerts on the screen that appears and click the "Next" button.

On the "Actions & Conditions" screen, select MSS as the response method. This completes the process on the end users' platform.

Adding Organization on Centralized USO Platform

Organisations are added on the Organisations tab in the Centralized USO Platform.

Organisations are added according to their HostIDs and the End Users' names.

Then, on the MSS (CyFusion) side, execute the commands below on the CLI:

# cp /opt/logsign-poller/logsign-comanaged-collector.service /lib/systemd/system

# systemctl enable logsign-comanaged-collector 

# systemctl start logsign-comanaged-collector

 

Then, on the client side, execute the commands below on the CLI:

# cp /opt/logsign-postproces/logsign-mss-action-worker.service /lib/systemd/system

# systemctl enable logsign-mss-action-worker

# systemctl start logsign-mss-action-worker

# systemctl restart logsign-api
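A post-install check for the two command sequences above, as an added example (not Logsign tooling): it confirms that the unit file for each side is in place and not writable by non-root accounts, and that the services are enabled and running. The function names, the UNIT_DIR and SYSTEMCTL overrides and the file-permission policy are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Logsign code. UNIT_DIR and SYSTEMCTL are overridable
# assumptions so the check can be pointed at a test directory or a stub.
UNIT_DIR="${UNIT_DIR:-/lib/systemd/system}"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# Map a side to the unit the article installs there.
unit_for_side() {
    case "$1" in
        mss)    echo "logsign-comanaged-collector" ;;
        client) echo "logsign-mss-action-worker" ;;
        *)      return 1 ;;
    esac
}

# Print one finding per line; return 0 only when there are none.
verify_side() {
    unit=$(unit_for_side "$1") || { echo "UNKNOWN-SIDE $1"; return 2; }
    file="$UNIT_DIR/$unit.service"
    rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"; rc=1
    elif [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        # A group- or world-writable unit file lets a non-root account
        # change what systemd runs as a system service.
        echo "WRITABLE $file"; rc=1
    fi
    "$SYSTEMCTL" is-enabled --quiet "$unit" || { echo "NOT-ENABLED $unit"; rc=1; }
    "$SYSTEMCTL" is-active --quiet "$unit" || { echo "NOT-ACTIVE $unit"; rc=1; }
    # The client-side steps end by restarting logsign-api, so it must be up too.
    if [ "$1" = client ]; then
        "$SYSTEMCTL" is-active --quiet logsign-api || { echo "NOT-ACTIVE logsign-api"; rc=1; }
    fi
    return "$rc"
}

# Usage: verify_side mss     (on the centralized host)
#        verify_side client  (on the end user's host)
```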

 

After all of these steps have been completed, incidents will be collected on the Centralized USO Platform with their Organisation Names. They can be tracked in Incident Management or monitored with different types of dashboards. All incidents 

 

Management of Responses on Client Side

All incidents coming to Cyfusion are categorized based on the organization. This area can be viewed in the "Organization" tab. 

 

To manage the process and take action for any incident, you simply need to press the "Magic Button." In the window that opens, you will see both Cyfusion response integrations and the client's response integrations for the incident. Then you can select the integration you want to use and utilize the specified methods easily.

Note: During the process, communication between Logsign Cyfusion and the Logsign Unified SecOps Platform is established over HTTPS through a tunnel.

 
