Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2166
Views
0
Helpful
1
Replies

AMP for Endpoints - subtenanting

Brendon Bell
Level 1
Level 1

‎09-27-2016 08:20 PM - edited ‎02-20-2020 09:02 PM

We have the account set up as follows.

Our Company purchased 70 licences, and we have sub-tenanted 50 of these to down stream ISP customer:

1. When I log in (with administrator privileges) I have the following option:> Analysis > Reports


When our customer logs in with their account (without administrator privileges) they do not have the reports option at the bottom of this menu.
If we give them administrator access, then they will have visibility of the 20 devices that belong to us (and we don't want that).

How can we give the customer access to generating their own reports without providing visibility of our devices?

Note: the test user you can see above was used to test this out.

2. We want to activate email notifications on a per account basis.

If our our customer logs in with their account and selects:

Analysis > Events > Not Subscribed > Immediate (one email per event)

does this send an email each time an event is detected?
Which email address will this go to?
Can you please confirm that this will only occur for the computers that are loaded against his account (and not ours)?
Also, can you please confirm that we will not get spammed in our worksorders queue every time that one of our customers devices goes down?

Labels:
0 Helpful
1 Reply 1

Matthew Franks
Cisco Employee
Cisco Employee

‎10-06-2016 06:26 AM

Brendon,

1. When you create their user account (non administrator), you can assign them privileges to certain groups, policies, outbreak control lists, custom detection list, exclusion lists, etc.  You can also go in and edit these as needed under Accounts > Users.  If you create separate groups, policies, objects, etc. for your various customers they will only see data for their connectors.

2. If they make a subscription for one email per event, they will get an email for each event based on the subscription settings.  This is typically used if they have an automatic ticket generating system based on each email.  It will go to the email address listed as the notification email (Accounts > Users > click a user) for the user creating the subscription.  If they only have privileges for some connectors, they will only get emails concerning those connectors.

If you have an Admin account and are monitoring all systems, you will get alerted when they have detections if you have subscriptions set up for all policies.

Thanks 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents