Back to Blog

Multi-Tenant Threat Isolation: See Only What Matters to You

March 01, 2026 • Jonathan Kalbfeld
multi-tenantisolationnetworksenterprise

When you subscribe to a threat intelligence feed with thousands of active indicators, most of them aren't relevant to your organization. A brute-force attack on a server in Singapore doesn't matter if you only operate in North America. A blacklisted /24 in Eastern Europe is noise if none of your customers route through it.

SATIS now solves this with multi-tenant threat isolation — register your network prefixes, and we show you only the threats that target your infrastructure.

How It Works

1. Register Your Networks

Through the portal's Networks tab or the API, register the IP prefixes your organization owns or operates:

curl -X POST https://setecastronomyinc.com/api/v1/customer/networks \
  -H "Authorization: Bearer tck_your_key" \
  -H "Content-Type: application/json" \
  -d '{"prefix": "203.0.113.0/24", "label": "Production subnet"}'

You can register up to 20 prefixes — individual IPs, /24s, /16s, or IPv6 blocks.

2. Get Scoped Threats

Query the customer threats endpoint to see only what targets your networks:

curl https://setecastronomyinc.com/api/v1/customer/threats \
  -H "Authorization: Bearer tck_your_key"

The matching engine performs bidirectional subnet comparison:

  • A registered /24 matches threats targeting any /32 within it
  • A registered /32 is matched by threats targeting a containing /24
  • Both IPv4 and IPv6 are supported

This means if you register 203.0.113.0/24 and a threat targets 203.0.113.45, you'll see it. And if a threat targets the broader 203.0.113.0/22, you'll see that too — because it overlaps with your registered prefix.

3. Filter by Severity

Add severity filtering to focus on what matters most:

curl "https://setecastronomyinc.com/api/v1/customer/threats?severity=critical" \
  -H "Authorization: Bearer tck_your_key"

The Portal Experience

The new Networks and Threats tabs in the customer portal provide a visual interface:

  • Networks tab: Add, label, and remove your network prefixes with a simple form
  • Threats tab: Browse threats targeting your networks in a sortable table with severity color coding, source attribution, and confidence scores

Why This Matters

For managed security providers running multiple customer networks, this is transformative. Each customer sees only their threats. A SOC analyst monitoring 50 networks can instantly filter to the one that's under attack.

For enterprises, it eliminates the "drinking from a firehose" problem. Instead of parsing 5,000 daily threat indicators to find the 12 that affect you, SATIS does the filtering on the server side.

Combined with our webhook notifications, you can get real-time alerts only for threats targeting your specific infrastructure — no noise, no fatigue, just actionable intelligence.

Back to Blog