Date

August 29, 2024

Time

14:30

Track

CommSec Track

COMMSEC: Design and Development of a Multi-Tenant SIEM Using Security Onion

Masters Student

Kasetsart University

Lecturer

Kasetsart University

Assistant Professor

Kasetsart University

Adjunct Professor

This design and development work proposes a management structure to support multi-tenant operations for MSSP (Managed Security Service Provider) software, specifically for open-source SIEM (Security Information and Event Management) software that lacks built-in multi-tenant features. The primary challenges are the separation of user authorization and management for each tenant, especially in environments with many tenants.

The proposed multi-tenant model covers (1) user authorization management: access to each tenant within the same session without requiring re-authentication across tenants; (2) rules management: importing rules from external sources or adding them manually to specific tenants; and (3) consolidated alerts from all tenants to create an overview of the entire system.
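As an added illustration (not code from the talk or from Security Onion), a toy Python model of the three points above: a session carries per-tenant grants fixed at login, rules are stored per tenant, and the consolidated alert view is filtered by what the session may see. Tenant names, roles, rules and alerts are constructed.

```python
from dataclasses import dataclass, field

# Hypothetical role ordering; real deployments map these to the SIEM's own roles.
ROLE_LEVEL = {"viewer": 1, "analyst": 2, "admin": 3}


@dataclass
class Session:
    user: str
    grants: dict  # tenant -> role, decided once at login: no per-tenant re-authentication

    def can(self, tenant: str, role: str = "viewer") -> bool:
        have = self.grants.get(tenant)
        return have is not None and ROLE_LEVEL[have] >= ROLE_LEVEL[role]


@dataclass
class MultiTenantSiem:
    rules: dict = field(default_factory=dict)   # tenant -> list of rule titles
    alerts: list = field(default_factory=list)  # every alert carries its tenant tag

    def add_rule(self, session: Session, tenant: str, rule: str) -> None:
        # Rule edits are scoped to one tenant and need an analyst grant on that tenant.
        if not session.can(tenant, "analyst"):
            raise PermissionError(f"{session.user} may not edit rules of {tenant}")
        self.rules.setdefault(tenant, []).append(rule)

    def import_rules(self, session: Session, tenant: str, external: list) -> None:
        # An external feed is imported into exactly one tenant, never shared implicitly.
        for rule in external:
            self.add_rule(session, tenant, rule)

    def raise_alert(self, tenant: str, title: str) -> None:
        self.alerts.append({"tenant": tenant, "title": title})

    def consolidated_alerts(self, session: Session) -> list:
        # Overview across every tenant the session may view; other tenants are filtered out.
        return [a for a in self.alerts if session.can(a["tenant"], "viewer")]


def build_demo():
    """Constructed scenario: an MSSP operator with grants on both tenants, a customer analyst on one."""
    siem = MultiTenantSiem()
    operator = Session("soc-operator", {"tenant-a": "admin", "tenant-b": "admin"})
    customer = Session("alice", {"tenant-a": "analyst"})
    siem.import_rules(operator, "tenant-b", ["Suspicious PowerShell", "DNS beaconing"])
    siem.add_rule(customer, "tenant-a", "Local policy rule")
    siem.raise_alert("tenant-a", "Brute force on VPN")
    siem.raise_alert("tenant-a", "New admin account")
    siem.raise_alert("tenant-b", "DNS beaconing")
    return siem, operator, customer
```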

This architecture can be applied to software that lacks a multi-tenant feature. As a concrete proof of concept (POC), Security Onion, a widely used open-source SIEM, was chosen for this purpose. The system was customized, code was developed according to the designed architecture, and testing was conducted in a real environment.

Additionally, this work addresses factors affecting recovery time in the event of a virtual machine (VM) resource shortage or an attack, either of which can cause the virtual machine to shut down and impact tenants. The findings can be used to adjust the system to suit the environment and shorten recovery time. The benefits of this work highlight the application of Security Onion for organizations that prefer open-source software solutions.