Elastic Security multi-tenant for on-premises setup

Hello Members,

As a new member of this community, I am seeking your expert advice and guidance on a pressing issue I'm facing. I am looking to set up an Elastic SIEM (Security Information and Event Management) solution for a multi-tenant environment consisting of 3 customers.

I believe your collective experience and knowledge would be invaluable in helping me navigate this challenge effectively. I am eager to understand the best practices, potential pitfalls, and any recommendations you may have for ensuring a successful deployment in a multi-tenant scenario.

Thank you in advance for your consideration and support. I look forward to your valuable insights.

There will probably be lots of things to consider, but first, you need to plan and test user authentication. Your customers probably don't share an authentication method, such as LDAP, so you may have to set up a realm for each separate customer. That's probably something few of us have done. You can probably set up a POC on a single-node test cluster.

I know in every world I've been in, how you are going to split costs will be an issue. Nobody will think they are using 1/3 of the resources, so they won't want to pay their 1/3 of the costs. Scaling resources if one customer becomes huge while the others are small may be an issue.

I guess if you are in the role of an MSP, maybe only MSP users will be using the stack. I've always had customers that had access to their data.

Thanks for the reply.

My use case is for SIEM.
We want to ingest two customers' logs into Elastic SIEM, but into different indices.
Other SIEMs have a simple ingestion policy.

In Elastic SIEM there is no direct option to achieve the same.

That's the reason I raised a query in this community.
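The two threads of advice above (a separate authentication realm per customer, and separate indices per customer) meet in Elasticsearch's role and role-mapping definitions. The following is an added example written for this thread, not code from Elastic or from either poster. It builds the per-tenant role descriptor and role mapping you would send to `PUT _security/role/<name>` and `PUT _security/role_mapping/<name>`, and then checks offline that no tenant role can read another tenant's indices. The index naming convention `logs-<tenant>-*`, the Kibana space ids, the realm names and the tenant names are all constructed assumptions for illustration; the descriptor field names (`indices`, `applications`, `kibana-.kibana`, `space:<id>`, `realm.name`) are the real Elasticsearch security API shapes.

```python
"""Per-tenant role descriptors and an isolation check for a multi-tenant
Elastic SIEM.  Added example for this thread; not Elastic's own code."""
import fnmatch
import json

# Constructed tenant list; the thread mentions two or three customers.
TENANTS = ["acme", "globex", "initech"]

# Constructed sample of concrete backing indices, keyed by owning tenant.
SAMPLE_INDICES = {
    "acme": ["logs-acme-2024.05.01", "logs-acme-2024.05.02"],
    "globex": ["logs-globex-2024.05.01"],
    "initech": ["logs-initech-2024.05.01"],
}


def tenant_index_pattern(tenant: str) -> str:
    """Index pattern holding only this tenant's logs (naming convention assumed)."""
    return f"logs-{tenant}-*"


def build_tenant_role(tenant: str) -> dict:
    """Role descriptor for PUT _security/role/siem_<tenant>.

    Grants read on the tenant's own indices only, no cluster privileges, and
    Kibana 'read' scoped to the tenant's own space.  'kibana-.kibana' is the
    application name Kibana registers; 'space:<id>' is the space resource form."""
    return {
        "cluster": [],
        "indices": [
            {
                "names": [tenant_index_pattern(tenant)],
                "privileges": ["read", "view_index_metadata"],
            }
        ],
        "applications": [
            {
                "application": "kibana-.kibana",
                "privileges": ["read"],
                "resources": [f"space:{tenant}"],  # space id assumed == tenant
            }
        ],
    }


def build_role_mapping(tenant: str, realm_name: str) -> dict:
    """Role mapping for PUT _security/role_mapping/siem_<tenant>.

    Ties every user authenticated by that customer's realm (e.g. a per-customer
    LDAP realm, as the reply above suggests) to the tenant role and nothing else."""
    return {
        "enabled": True,
        "roles": [f"siem_{tenant}"],
        "rules": {"field": {"realm.name": realm_name}},
    }


def build_overbroad_role() -> dict:
    """The mistake to avoid: one shared role with a wildcard over all log indices."""
    role = build_tenant_role("shared")
    role["indices"][0]["names"] = ["logs-*"]
    return role


def can_access(role: dict, index_name: str) -> bool:
    """True if any index grant in the role matches the concrete index name.
    fnmatch's '*' approximates Elasticsearch's index-pattern wildcard here."""
    return any(
        fnmatch.fnmatchcase(index_name, pattern)
        for grant in role["indices"]
        for pattern in grant["names"]
    )


def check_isolation(roles: dict, sample_indices: dict) -> list:
    """Return violations 'tenant -> index' where a tenant's role can read an
    index owned by a different tenant.  Empty list means isolation holds."""
    violations = []
    for tenant, role in roles.items():
        for owner, indices in sample_indices.items():
            if owner == tenant:
                continue
            for idx in indices:
                if can_access(role, idx):
                    violations.append(f"{tenant} -> {idx}")
    return violations


if __name__ == "__main__":
    roles = {t: build_tenant_role(t) for t in TENANTS}
    print(json.dumps(roles["acme"], indent=2))
    print(json.dumps(build_role_mapping("acme", "ldap_acme"), indent=2))
    print("per-tenant violations:", check_isolation(roles, SAMPLE_INDICES))
    roles["acme"] = build_overbroad_role()
    print("with overbroad role:", check_isolation(roles, SAMPLE_INDICES))
```

Run it before applying anything to a cluster: the last line shows how a single `logs-*` grant silently gives one customer read access to every other customer's data, which is exactly the failure an isolation check should catch on every role change. The same pattern extends to document-level security or per-tenant data streams if you later need finer separation.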