If you're having trouble at any stage please contact us at firstname.lastname@example.org.
Business applications and services that generate audit logs and store them in a variety of data sources, such as folders, proprietary APIs and others, present the organization with several security challenges:
- Getting and retaining a meaningful, granular audit of the security activities in the application
- Making the granular audit available in the organization’s central log or event management system for compliance, investigation or forensic needs
- Detecting anomalies, security threats and policy violations based on the granular activities
What is it
The SkyFormation Custom Connector is part of the SkyFormation Cloud Connectors module. It continuously ingests events from different customer data sources, such as an AWS S3 bucket, unifies the events into a common application events format, enriches the events with the needed detection context and sends the events to any existing SIEM/SOC system.
Supported Data sources
Currently, two data sources are supported:
- AWS S3 Bucket, with a backing SQS queue
- Azure Storage Account (General purpose V2, i.e. StorageV2), with a backing queue in that storage account (Since version 2.4.165)
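The S3 data source above pairs the bucket with an SQS queue; a common way to use such a pairing is S3 event notifications, where each queue message names newly written objects. The following Python function is an added example, not SkyFormation's code (this page does not describe how the connector consumes the queue), and it extracts the objects to fetch from one message body. The bucket name and object keys are constructed sample values.

```python
import json
from urllib.parse import unquote_plus

def new_log_objects(sqs_body):
    """Return [(bucket, key)] for object-created records in one SQS message body."""
    try:
        msg = json.loads(sqs_body)
    except (TypeError, ValueError):
        return []  # not JSON: route to a dead-letter queue instead of guessing
    if not isinstance(msg, dict):
        return []
    # When the bucket notifies an SNS topic that fans out to SQS, the S3 event
    # arrives as a JSON string inside the SNS envelope's "Message" field.
    if msg.get("Type") == "Notification" and isinstance(msg.get("Message"), str):
        return new_log_objects(msg["Message"])
    # S3 sends a one-off s3:TestEvent when notifications are first configured.
    if msg.get("Event") == "s3:TestEvent":
        return []
    records = msg.get("Records")
    found = []
    for rec in records if isinstance(records, list) else []:
        if not isinstance(rec, dict) or rec.get("eventSource") != "aws:s3":
            continue
        if not str(rec.get("eventName", "")).startswith("ObjectCreated:"):
            continue  # ignore deletes and other non-creation events
        try:
            bucket = rec["s3"]["bucket"]["name"]
            key = rec["s3"]["object"]["key"]
        except (KeyError, TypeError):
            continue  # malformed record: skip it rather than fail the batch
        if isinstance(bucket, str) and isinstance(key, str):
            # Keys are URL-encoded in notifications (a space arrives as "+").
            found.append((bucket, unquote_plus(key)))
    return found

# Constructed sample messages (bucket name and keys are made up).
S3_EVENT = json.dumps({"Records": [
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-audit-logs"},
            "object": {"key": "pulse/dt%3D2024-01-01/vpn+events.log"}}},
    {"eventSource": "aws:s3", "eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": "example-audit-logs"},
            "object": {"key": "pulse/old.log"}}}]})
TEST_EVENT = json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent"})
SNS_WRAPPED = json.dumps({"Type": "Notification", "Message": S3_EVENT})

if __name__ == "__main__":
    for body in (S3_EVENT, TEST_EVENT, SNS_WRAPPED, "not json"):
        print(new_log_objects(body))
```

Decoding the key before fetching matters for audit completeness: a log object whose name contains spaces or `=` would otherwise be requested under the wrong key and silently missed.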
SkyFormation Custom Connector audit Sources & Events Supported
The SkyFormation Custom Connector will process the ingested events by using one of its supported
| Data Source Events Type | Events modeling done |
| --- | --- |
| Windows Security Events | Windows Security Events |
| Duo Events | Duo Trusted Access events |
| Pulse VPN Events | Pulse Connect Secure |
| Windows DC Events | Windows Domain Controller Events |
| Bluecoat Proxy Events | Bluecoat ProxySG events |
| Cisco Umbrella DNS | Cisco Umbrella Events |
| Pass-through (any) | No parsing / modeling is done |
How to on-board SkyFormation Custom Connector to SkyFormation app