diff --git a/cid-redirects.json b/cid-redirects.json
index 3ab156fb67..c39e8d1c07 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -1800,6 +1800,7 @@
"/cid/1082": "/docs/metrics/introduction/get-started-metrics",
"/cid/10820": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs",
"/cid/10821": "/docs/search/get-started-with-search/search-page/change-time-range-in-histogram",
+ "/cid/108221": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps",
"/cid/1083": "/docs/manage/users-roles/roles/role-based-access-control",
"/cid/1084": "/docs/metrics/manage-metric-volume/disabled-metrics-sources",
"/cid/1085": "/docs/send-data/installed-collectors/macos",
diff --git a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
index 98e975cafd..f305724877 100644
--- a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
+++ b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
@@ -74,13 +74,17 @@ You can use the **Filters** area near the top of the page to narrow down the ins
* Status
* Tags
-### Multi-insights list page
+### View insights in child organizations
-If you are logged in to a parent organization with child organizations that also use Cloud SIEM, the insights list page shows all insights across all your child organizations. This is useful if your company is a large enterprise with many organizations or is a Managed Security Service Provider (MSSP), and you'd like to see all insights across all areas in a single page.
+If you manage a parent organization with child organizations that also use Cloud SIEM, you can see a list of all insights across multiple child organizations. This is useful if your company is a large enterprise with many organizations or is a Managed Security Service Provider (MSSP), and you'd like to see all insights across all areas in a single page.
This multi-insights list page (also known as a "federated" page) shows insights just as in a normal [insights list page](#insights-list-page). However, when you click an insight on the page, it opens the insight's details in the child organization's UI. You can also use the [board view](#board-view) on the multi-insights page to move insights to different statuses.
-To be able to see insights in child organizations, [add child organizations](/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs) that use Cloud SIEM. Then when the parent organization user goes to their Cloud SIEM insights list page, all the child organizations' insights appear in the list.
+To be able to see insights in child organizations, [add child organizations](/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs) that use Cloud SIEM. Then when the parent organization user goes to their Cloud SIEM insights list page, all the child organizations' insights appear in the list.
+
+
## Insight details page
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/index.md b/docs/manage/manage-subscription/create-and-manage-orgs/index.md
index b01e8fc627..9723177378 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/index.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/index.md
@@ -47,6 +47,12 @@ In this section, we'll introduce the following concepts:
Learn how to update org names, define subdomain names, delete orgs, and change the account owner.
+
## View a child org, child credits usage, and baseline
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings.md b/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings.md
index 1aba75f811..c1c0af5734 100644
--- a/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings.md
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings.md
@@ -143,4 +143,4 @@ Automatic sign-in works because when you created the child organization, a [subd
As an administrator, if you log out of a child organization with SSO enabled, the following screen appears. Click **Login with Parent Org** to sign back in automatically using your parent organization credentials.
-})
\ No newline at end of file
+
diff --git a/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md b/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md
new file mode 100644
index 0000000000..e24d611a6e
--- /dev/null
+++ b/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps.md
@@ -0,0 +1,79 @@
+---
+id: manage-orgs-for-mssps
+title: Manage Organizations for MSSPs
+sidebar_label: Manage Orgs for MSSPs
+description: Learn how to manage organizations for Managed Security Service Providers (MSSPs).
+---
+
+
+
+
+
+Beta
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This article describes how to manage organizations for Managed Security Service Providers (MSSPs). MSSP administrators must ensure that the content of their child organizations is properly configured. MSSPs often consist of a parent organization with child organizations that use [Cloud SIEM](/docs/cse/).
+
+## Prerequisites
+
+### Roles
+
+You must have the following [organization role capabilities](/docs/manage/users-roles/roles/role-capabilities/#organizations) to create and manage organizations as an MSSP administrator:
+
+* Organizations
+ * View Organizations
+ * Create Organizations
+ * Manage Organizations
+
+## Update content in child organizations
+
+To ensure that content is consistent across child organizations, use the **Content Management** tab.
+
+You can update the following:
+* Cloud SIEM [rules](/docs/cse/rules/)
+* Cloud SIEM [rule tuning expressions](/docs/cse/rules/rule-tuning-expressions/)
+
+To update content:
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Organizations**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Organizations**. You can also click the **Go To...** menu at the top of the screen and select **Organizations**.
+1. Select the **Content Management** tab.
+1. In the **Source** field, select the organization that will provide the source data to be updated in other organizations.
+1. In the **Content** bar, select the content to be updated:
+ * **Cloud SIEM Rules**
+ * **Rule Tuning Expressions**
+1. Select individual items to be updated, or all items.
+1. Click **Update Selected Items**.
})
+1. On the **Update Selected Items** box, click **Destinations** to select the organizations to update the selected items to. You can update to all organizations, a single child organization, or multiple child organizations.
})
Tips:
+ * If you select **All Child Organizations**, you can then select organizations to exclude, allowing you to update to all organizations except those you select:
})
+ * When you update rule tuning expressions, select **Include Associated Cloud SIEM Rules** to also update all the Cloud SIEM rules that the expressions are used on:
})
+1. Click **Update**. An **Updating in progress** dialog is displayed.
+
+## View history
+
+1. Click **View History** in the upper-right corner of the page.
A query for update history displays:
})
+1. Click the search button. })
The update history displays. The email of the individual who performed the update appears in the **user_email** column, and the updated items appear in the **content** column.
})
+1. Investigate any updates that failed and re-run the update if needed.
+
+## FAQs
+
+### What to expect when updating Cloud SIEM rules
+
+* **Are rule tuning expressions included?**
No, they are not included, but can be updated separately.
+* **What happens when a rule with the same name already exists?**
It will be replaced in the child organization.
+* **What if errors occur during updating?**
Affected items will be skipped. Once the rest of the content is updated, you can review errors in log search and retry.
+
+### What to expect when updating Cloud SIEM rule tuning expressions
+
+* **What happens if a tuning expression with the same name already exists?**
It will be replaced in the child organization.
+* **What if errors occur during updating?**
Affected items will be skipped. Once the rest of the content is updated, you can review errors in log search and retry.
+* **What happens if the source tuning expression contains Cloud SIEM rules?**
If the **Include Linked Cloud SIEM Rules** option is selected, existing rules with the same name in the destination organization will be linked to match the source tuning expression.
+* **What if no matching Cloud SIEM rules are found in the destination organization?**
The update will complete with a warning, and missing rules will be logged in the audit log. You can update those rules separately and re-run the tuning expression update.
+
+
+## Multi-insights list page in Cloud SIEM
+
+If you are logged in to a parent organization with child organizations that also use Cloud SIEM, the insights list page in Cloud SIEM allows you to [view insights in child organizations](/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui/#view-insights-in-child-organizations).
+
+This multi-insights list page (also known as a "federated" page) shows insights just as in a normal insights list page. When you click an insight on the page, you are automatically signed in to the child organization (if SSO is enabled for the child organization), and the insight's details open in the child organization's UI. You can also use the board view on the multi-insights page to move insights to different statuses.
+
+To be able to see insights in child organizations, add child organizations that use Cloud SIEM. Then when the parent organization user goes to their Cloud SIEM insights list page, all the child organizations' insights appear in the list.
diff --git a/sidebars.ts b/sidebars.ts
index d5b955236b..e2d341a34f 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -972,6 +972,7 @@ module.exports = {
'manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers',
'manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-flex',
'manage/manage-subscription/create-and-manage-orgs/manage-org-settings',
+ //'manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps',
],
},
{
diff --git a/static/img/manage/subscriptions/mssp-orgs-selected-organizations.png b/static/img/manage/subscriptions/mssp-orgs-selected-organizations.png
new file mode 100644
index 0000000000..a717b21001
Binary files /dev/null and b/static/img/manage/subscriptions/mssp-orgs-selected-organizations.png differ
diff --git a/static/img/manage/subscriptions/mssp-orgs-sync-associated-rules.png b/static/img/manage/subscriptions/mssp-orgs-sync-associated-rules.png
new file mode 100644
index 0000000000..bd1cd1a39e
Binary files /dev/null and b/static/img/manage/subscriptions/mssp-orgs-sync-associated-rules.png differ
diff --git a/static/img/manage/subscriptions/mssp-orgs-sync-selected-items-2.png b/static/img/manage/subscriptions/mssp-orgs-sync-selected-items-2.png
new file mode 100644
index 0000000000..2c1246ce61
Binary files /dev/null and b/static/img/manage/subscriptions/mssp-orgs-sync-selected-items-2.png differ
diff --git a/static/img/manage/subscriptions/mssp-orgs-sync-selected-items.png b/static/img/manage/subscriptions/mssp-orgs-sync-selected-items.png
new file mode 100644
index 0000000000..3498eb865c
Binary files /dev/null and b/static/img/manage/subscriptions/mssp-orgs-sync-selected-items.png differ
diff --git a/static/img/manage/subscriptions/mssp-view-history-query-results.png b/static/img/manage/subscriptions/mssp-view-history-query-results.png
new file mode 100644
index 0000000000..0c814165cc
Binary files /dev/null and b/static/img/manage/subscriptions/mssp-view-history-query-results.png differ
diff --git a/static/img/manage/subscriptions/mssp-view-history-query.png b/static/img/manage/subscriptions/mssp-view-history-query.png
new file mode 100644
index 0000000000..03d3363570
Binary files /dev/null and b/static/img/manage/subscriptions/mssp-view-history-query.png differ
diff --git a/static/img/manage/subscriptions/search-button.png b/static/img/manage/subscriptions/search-button.png
new file mode 100644
index 0000000000..7166c87861
Binary files /dev/null and b/static/img/manage/subscriptions/search-button.png differ