Concepts

Workspaces

A workspace is a top-level container representing a business entity—sometimes referred to as a tenant—and can represent an entire organization or a department within a larger one.

Workspaces group and logically isolate all related security data, alerts, and detections.

Workspaces are managed under Global Settings.

Environments

Within each workspace, you can define multiple environments—typically matching stages in your detection lifecycle, such as production, staging, integration, QA, or development for example.

Environments segment services and data for improved organization, access control, and operational clarity. They can also be marked as protected to enable additional safeguards, such as:

• Requiring two-step confirmation for high-impact actions
• Blocking deployment of release candidates to sensitive environments

This helps enforce stricter security policies in critical areas.

Environments are managed in a workspace’s settings.

Services

A service is a specific instance of a technology or platform within an environment. For example:

• splk-srv01-prd could be a Splunk instance in a production environment
• sentinel_dev-nyc could be a Microsoft Azure Sentinel instance in a staging environment

Each service belongs to a single environment and includes its own configuration, such as connection details (IP address, credentials, etc.).

Services are managed in a workspace’s settings.