Modifications of application settings for the distributed solution and multitenancy mode are listed in the following table.
Modifications of application settings when switching to the distributed solution and multitenancy mode
Functional area |
PCN |
SCN |
---|---|---|
Users |
Users and roles assigned to them are preserved. Additionally, PCN users are granted access rights to work with PCN and all connected SCNs. |
All users are deleted except the user that was created while Central Node was deployed. After that, the SCN requests a list of users from the PCN and uses that list to create local users with the same parameters:
Users that do not have rights to access the SCN, are not displayed in the list of users. |
Alerts |
Information about all alerts from all connected SCNs is added to the PCN database. |
The user name is no longer displayed in existing alert information. User data are deleted from alert operation history. |
Dashboard |
On the Alerts tab, you can now select the SCNs whose information must be displayed in the widget. On the System health tab, the status of connection of the PCN with connected SCNs is now displayed. |
On the System health tab, the status of connection with the PCN is now displayed. |
Tasks |
Tasks created on the Central Node server before it was assigned the PCN role, as well as tasks created on the PCN after switching to distributed solution mode, apply to all connected SCNs. Tasks created on SCNs are also displayed in the task list. Settings of these tasks cannot be changed on the PCN. |
Tasks created on the PCN are displayed, as well as tasks created on this SCN. Settings of tasks created on the PCN cannot be changed. |
Reports |
Templates and reports created before the switch to distributed solution mode are preserved. A Servers column is added to the report table, containing information about the relevant SCN for the alert. After switching to distributed solution mode, only reports created on a PCN are displayed. |
Templates and reports created before the switch to distributed solution mode are preserved. Information about the user who created the report is preserved if the PCN has a user with the same ID (guid). In other cases user information is deleted. After switching to distributed solution mode, only reports created on an SCN are displayed. |
Prevention |
Policies created on the Central Node server before it was assigned the PCN role, as well as policies created on the PCN after switching to distributed solution mode, apply to all connected SCNs. Policies created on SCNs are also displayed in the policy list. Settings of these policies cannot be changed on the PCN. |
Policies created on the PCN are displayed, as well as policies created on this SCN. Settings of policies created on the PCN cannot be changed. |
Storage |
All files and metadata that were stored on PCNs before the switch to distributed solution mode are preserved. The name of the PCN is displayed for them in the Central Node column. The PCN also keeps the contents of the Storage of all connected SCNs. |
All files and metadata that were stored on SCNs before the switch to distributed solution mode are preserved. |
TAA exclusions |
No changes. |
No changes. |
VIP status |
No changes. |
No changes. |
Notification rules |
No changes. |
No changes. |
Integration with mail sensors |
No changes. |
No changes. |
Threat Hunting |
During threat hunting in the database, the PCN sends a request to all connected SCNs. After the search query is processed, a list of PCN and SCN events of the selected tenant is displayed. |
No changes. |
Custom rules ‑ TAA |
IOC files added on the Central Node server before it was assigned the PCN role are applied to the PCN. TAA (IOA) rules that were added on the Central Node server before it was assigned the PCN role are applied to the PCN. |
IOC files and TAA (IOA) rules added on the PCN, as well as IOC files and TAA (IOA) rules added on this SCN before and after switching to distributed solution mode are displayed. |
Backup of the application |
Backup of the application is only available on a PCN that does not have SCNs connected. To back up the application on a PCN, disconnect all SCNs from the PCN. |
Backup of the application on an SCN is not available. To back up the application on an SCN, disconnect that server from the PCN by switching it to standalone server mode. |