topher-lo
commented
3 months ago Building this as we speak. Will be similar to this in tines: https://www.tines.com/docs/admin/teams/
Closed mattdurant closed 2 months ago
topher-lo
commented
3 months ago Building this as we speak. Will be similar to this in tines: https://www.tines.com/docs/admin/teams/
mattdurant
commented
3 months ago I like the separate "teams" to cover the MSP/MDR use case, should make it nice and clean to keep those separate. Will this also address the situations where a single user may have more than one instance of a particular integration they need to interact with?
topher-lo
commented
3 months ago In the Tines world (and how we plan to implement it as well).
Each team is associated with its own set of XYZ integration credentials (eg sentinel_one secret with keys SENTINEL_ONE_API_KEY).
To have the same playbook (eg enrich S1 alert) across different clients with different EDR tenants, you duplicate the playbook into different teams with different credentials. And make config adjustments to the playbook actions as needed.
Does this work?
topher-lo
commented
3 months ago You can think of the above as how GitHub implements repo level secrets for GitHub actions.
mattdurant
commented
3 months ago I think there are 2 use cases mixed in here:
For 2, a real world example would be that I am an M365 customer, and I acquire another business that is also an M365 customer. We are very likely not going to be able to transition all mailboxes and users off of that environment on day 1, but if I'm using a workflow where on a certain type of alert I want to reset a user's password and then contact them, how would I interact with both M365 environments in the same workflow since all users won't exist in one or the other?
topher-lo
commented
3 months ago I think there are 2 use cases mixed in here:
- Having separation for a "multi-tenant" environment for MSPs
- Being able to use multiple of the same type of integration in a workflow
For 2, a real world example would be that I am an M365 customer, and I acquire another business that is also an M365 customer. We are very likely not going to be able to transition all mailboxes and users off of that environment on day 1, but if I'm using a workflow where on a certain type of alert I want to reset a user's password and then contact them, how would I interact with both M365 environments in the same workflow since all users won't exist in one or the other?
Gotcha. I'm moving the second use case into another issue 👍
topher-lo
commented
2 months ago Closed by #302
Is your feature request related to a problem? Please describe. If you have multiple of a specific system that you manage, you can't distinguish them and provide different secrets. For example, if I had 2 instances of Okta to manage, I only have 1 secret defined that is tied to the class, not to a specific instance of the class.
I'm thinking of other systems where you configure a connection, give it creds and config, and then when you add those actions to a workflow you specific which connection it's using.
There are likely MDRs or MSPs that would be interested in using this that wouldn't be able to manage multiple clients from one instance of Tracecat and would need to run their own multi-tenant setup to separate them.
Describe the solution you'd like If we could instantiate the integration classes and save configuration/secrets against those, it would solve some upcoming issues as the project grows:
Describe alternatives you've considered There isn't really a good alternate solution to the above problem.
Additional context N/A