Skip to main content

New-Scale Security Operations PlatformNew-Scale Security Operations Platform Administration Guide

Define a Unique Site Name

Create unique site names within New-Scale Security Operations Platform to restrict access security data. You can manage multiple sites with distinct access.

Defining unique site names is a way to manage the access you provide to security data from specific sources. Once you create a unique site name, it becomes available to associate with a specific cloud or site collector instance. Event and alert data collected is then tagged with the site name and ID associated with that collector. Defining unique sites allows the following capabilities across your entire organization, including independent IT infrastructures or sites:

  • Associate logs with the respective site or IT infrastructure by tagging all log sources with the site name during log collection.

  • Use Search, Dashboard, and Correlation Rules within or across the entire organization, even when multiple sites have overlapping IP addresses.

  • Use the metadata fields m_sitename and m_siteid to search, correlate, and visualize security data for any defined site.

To create a new site:

  1. Log in to the New-Scale Security Operations Platform with your registered credentials as an administrator or security engineer.

    Note

    Ensure that you have the appropriate permissions to define the site. For more information, see site management permissions.

  2. Navigate to Settings > Site > Site Management.

    site_managemnt_Settings.png

    The Site Management settings page opens.

  3. At the top right of the page, click Add a New Site. The Add a New Site dialog box opens.

    Note

    You can create a new site while configuring a cloud collector and updating a site collector instance.

  4. Enter a Site Name, and click Add Site.

    site_management_3.png

    A site ID is generated automatically and the new site with a unique name and ID is created. The new site becomes available to associate collectors with so that data collected by either cloud or site collectors is tagged appropriately. The m_sitename and s_siteid fields are added to all events ingested by the collector associated with a unique site. These fields are available in downstream applications such as Search to identify data from a specific source.

    The Site ID is automatically generated and cannot be changed. But you can edit the Site Name by clicking the options icon ( The more menu; three vertical grey dots on a white background. ) in the row for a specific site.

    Note

    For all cloud collectors that use Webhooks, expect a delay of up to five minutes before logs reflect the updated site name tags.