Staging - Customer/Entity

The Staging mechanism in the Mobula platform allows for setting a Stage for the Customer/Entity, providing a useful tool for the SOC manager to gain an overview of the platform's state. This feature is particularly valuable in situations where it is necessary to halt a connection for a specific Customer/Entity. For instance, in the event of a disconnection from the MSSP, the Stage can be altered to "Disabled," which will result in the immediate termination of all actions. In summary, the Staging mechanism in the Mobula platform is a powerful tool for managing connections and maintaining control over the platform's functionality.

Customer/Entity Stage Through “Mobula MPM App”

Required

Mobula Admin Platform permission on Mobula MPM(Mobula Platform Management).
Mobula Platform Management

MPM - Change Customer/Entity Stage

Open the MPM App - Mobula Platform Management.
Click on the top left icon to access the Options menu.
Click on “Settings” and select the required platform, Click Save.
Choose one of your entities from the Options menu.
Click on Entity stage - NO STAGE (or any other staging for existing entities)

6. Choose one of the following stages

Active
Learning
PoC
Suspended
Disabled

7/ Click save

Customer / Entity Stage meanings

Set Customer/Entity stage through “ArcSight ESM”

Required

ESM Console user.

ESM - Change Customer/Entity Stage

At the Navigator tab navigate to the Customer stage list following this path:

/All Active Lists/Mobula Administration/Staging/Customers/Customer Stage

Right-click on the Customer Stage list and select “Show Entries”
At the Viewer tab click “+”
At the Inspect/Edit tab, you will find the options as shown below

5. Select the Customer

6. Configure the CustomerStage (case sensitive)

1. Active
2. PoC
3. Learning
4. Suspended
5. Disabled

7. Click “Add”

Customer / Entity Stage meanings:

Active - This stage is for entities that are ready for the active stage and the POC stage is Ended or not needed.
Learning - Same as PoC just for the first two weeks to tune all active alerts before moving the entity to the “Active” stage.
PoC - Proof of concept stage, entity in this stage should stay for no more than 2 weeks, in this timerange you should send him all the reports needed (Compliance + Customization) tune as much as possible “Active” alerts to get to the minimal number of FP alerts.
Suspended - In case the monitoring of the entity is under question and needs to be suspended until the next decision.
Disabled - For entities who left the platform and no monitoring is needed. This action will stop every action that have been made - will stop sending alerts.

Page updated

Report abuse