Can MSSPs use Threat Response? Does it work with multiple tenants?

Eduardo Silva · ‎09-23-2019

Yes, MSSPs can use Threat Response. In fact, there are more than 100 MSSPs actively using Threat Response in their investigations. Threat Response partially supports multi-tenancy, in that you can configure as many copies of a module as you need, one per customer. Currently, there is no true multi-org support, but you could build your own by creating accounts to each organization/customer as a distinct Threat Response organization and then using the APIs to reach and manage each environment.

Learn more about Threat Response here, or check out other FAQs here.

dallong · ‎04-20-2021

A few examples of MSSP use cases for SecureX highlighting AMP Endpoints here.

EYE · ‎11-22-2022

This is one that I know about it and the bad thing is it depends how serious but depends what kind of tenants they are and engadged in. Misusing service? Targeting? Fraud etc .

They normally won't but if you learn really good talk and communication with them in manner they know how to relate or you may just get one that takes and deals with things that ain't the most popular but are right thing to do but depends alot on what thier activities are a factor if at you or others etc changes in scope of what can be done. Dig into what restrictions legally they can do something about in the services agreement or there are Intel type methods to but a bit different

...