MSSP client workspaces

Managed providers can separate alerts, investigations, reports and integrations per client.

Last updated 4/3/2026

MSSP workspaces are designed for managed providers who serve multiple end customers from one SOCPilot organization.

What is isolated per client workspace

  • Alerts, investigations, evidence and timeline events
  • Integrations, credentials and ingestion runs
  • Briefs, compliance evidence packs and exports
  • Reports and audit log scope

What is shared across the MSSP organization

  • Analyst accounts, roles and shift schedules
  • Suppression rules, playbooks and approval policies (optionally scoped per client)
  • Cross-client dashboards available to MSSP leads

Permissions

MSSP analysts can be granted access to specific client workspaces only. Audit log entries always include the originating client workspace ID.

Related articles