Skip to main content

New-Scale Security Operations PlatformNew-Scale Security Operations Platform Administration Guide

Define a Unique Site Name

Create unique site names in New-Scale Security Operations Platform to restrict access and manage multiple sites with distinct security data.

To effectively manage and monitor multiple sites within the New-Scale Security Operations Platform, you can define unique site names. This allows you to restrict access to security data based on site tags by tagging a collector instance along with the associated events and alerts. By defining unique site names, you can implement the following SIEM and TDIR capabilities across the entire organization, including independent IT infrastructures or sites:

  • Associate logs with the respective site or IT infrastructure by tagging all log sources with the site name during log collection.

  • Utilize Search, Dashboard, and Correlation Rules within or across the entire organization, even when multiple sites have overlapping IP addresses.

  • Use the metadata fields m_sitename and m_siteid to search, correlate, and visualize security data for any defined site.

To create a new site:

  1. Log in to the New-Scale Security Operations Platform with your registered credentials as an administrator or security engineer.

    Note

    Ensure that you have the appropriate permissions to define the site. For more information, see site management permissions.

  2. Navigate to Settings > Site > Site Management.

    site_managemnt_Settings.png

  3. Click Add a New Site.

    site_management_2.png

    After specifying a unique site name, a unique Site ID is assigned to it. You can then associate collectors with the site to ensure that security data collected by both cloud collectors and site collectors is appropriately tagged. The m_sitename and m_siteid metadata fields are automatically added to all events ingested via the cloud collector associated with this site.

    Note

    You can create a new site while configuring a cloud collector and updating a site collector instance.

  4. Enter a site name, and click Add Site.

    site_management_3.png

    A new site with a unique ID is added to cloud collectors to tag data with the site information, making it available for downstream applications such as Search. The Site ID is automatically generated and cannot be changed.

    If needed, you can later edit the Site Name by clicking the more actions ( The more menu; three vertical grey dots on a white background. ) icon in the row for the site.

    Note

    For all cloud collectors that use Webhooks, expect a delay of up to five minutes before logs reflect the updated site name tags.