Articles in this section

See more

Adding Custom Connector to SkyFormation Platform

Avatar
Nadav Lavy (Greenberg)
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

The goal of this guide is to add SkyFormation Custom Connector to your SkyFormation Platform to be able to ingest audit events from customized data sources, and be able to transform them into meaningful detection-ready events. For more information see the SkyFormation Custom Connector Overview guide  

 

Steps

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "Custom Connector" 

You will see the below screen:

Screen_Shot_2020-04-27_at_11.50.48.png

5. Fill in the following information:

   - Tenant (relevant only for the multi-tenant SkyFormation edition)
       Choose the tenant the new connector will be attached to.     

  - Account Name
       Give the custom connector a meaningful name for you. This will become your application
      connector name displayed in the SkyFormation platform and added to entire events sent to your
      SIEM/Log/Splunk system from this connector as identifier. 

      Example: 
      "Sales custom pricing app"     

    - Description
      Add any text that describe the specific application and meaning for the business.

      Example:
      "Corp sales application to define and optimize sales pricing"

- Authentication Method

Choose a method for authenticating with the data source.

For Azure, select "Azure Storage - SAS Tokens" - See configuration guide

For AWS S3, select one of "InstanceProfile", "STSAssumeRole" and "s3-sqs-authn-type" - See configuration guide

 Per the selected data source and authentication type, there'll be different fields to fill.

A common field for any data source & authentication method is the Processor - 

   - Processor 

      Choose the processor from the drop-down list, that will determine the way the events ingested
      will be parsed.

Choose "Pass-Thru" if the data is none of the ones in the list. It'll pass the data as-is, without assuming anything with regard to the data's structure, without parsing anything from it. not even the timestamp of the events. 

      skyformation_custom_connector_proccesors.png

     For better understanding of the way the processors works please refer to:
     SkyFormation Custom Connector Overview      

- Click "SAVE"

 

Make sure the "STATUS" of the new connector in the table is OK and green.

 

Your are done !

 

Related articles

Comments

0 comments

Please sign in to leave a comment.