Log360 MSSP solutions architecture
Log360 MSSP edition is designed to meet your SIEM requirements as a managed security service provider (MSSP). Tailored for managing Log360 clients spread across diverse geographical locations, this edition acts as a centralized console to manage clients and technicians.The near real-time dashboard gives insights into clients' health and license status, allowing you to handle clients, technicians, license, and health monitoring all in one place.
Log360 MSSP requires a separate installation and can establish a connection to client Log360 systems via the internet or intranet. This connection helps to connect and oversee client Log360 instances. Post client Log360 integration, it enables synchronization and efficient client management, including client modification and deletion.
Within the Log360 MSSP installation, a dedicated web server, database, as well as a reverse proxy server, are employed. The web server encompasses two major modules: the technician and license modules. These modules take care of the logical aspects of MSSP functionality and serving the UI. Additionally, this server is linked to the email server to facilitate the delivery of email alerts.
Another integral component of the MSSP architecture is the reverse proxy server, which plays a crucial role in accessing client Log360s over the internet or intranet. This server also streamlines the SSO process, eliminating the need for separate sign-ins to access delegated clients—a SSO to MSSP suffices for seamless access.
Modules of Log360 MSSP
Technician module:
The technician module, connected to the technician API in the client Log360, facilitates creating, managing, and delegating technicians to client Log360s from MSSP. It also offers comprehensive control over technician roles for various components such as ADAudit Plus, EventLog Analyzer, Cloud Security Plus, Exchange Reporter Plus, DataSecurity Plus, and Log360 UEBA. Technicians are categorized into admin and operator roles, where an admin possesses full control over the application and all clients by default, while an operator can access only the allocated clients.
License module:
This module helps in seamlessly managing client license from MSSP. Connected to the license API in client Log360, it provides a clear overview of license status of each client and it's child components across the Log360 MSSP ecosystem. This module is connected to ManageEngine's endpoint via the internet, from which it retrieves all required licensing details.