If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

This document explains the steps needed before you add your first SkyFormation Cloud Apps Connectors (e.g. Google Apps, Azure, Sales Cloud) if you are using the SkyFormation Single-Tenant mode only.

This guide assume you have completed the Install SkyFormation App guide successfully.

Configuring the SIEM 

SkyFormation Cloud Apps Connectors require a configuration of a SIEM server which will get the entire events ingested by the cloud connectors.

To setup your SIEM follow these steps: 

1) In the SIEM configuration page (see the diagram below) configure the following:  

- Use SIEM: Choose Yes

- Host: Configure the SIEM host name as myserver.myorg.com 

- Port: Configure the port in use by the SIEM syslog listener (default 514)

- Protocol: Configure whether to use: TCP/UDP/TLS pending on your syslog settings in the SIEM.

- Message Format: Choose the syslog RFC to use (default 5424)

When done click the "SEND TEST MESSAGE TO SIEM" 

Wait to see that the OK icon appear in green.

Your SIEM is integrated correctly with SkyFormation now.

- click "Save and continue"

Adding SkyFormation Cloud App Connector 

- At the “protected accounts” tab you will be able to add the entire Cloud Apps Connectors (called SkyFormation Account) supported by the SkyFormation platform.

For each cloud app connector you want to add you will need to look for the cloud connector's onboard guide
at this page:

https://support.skyformation.com/hc/en-us/articles/115001270413-SkyFormation-Supported-Cloud-Connectors

You are done with this guide !

Next Steps

Now you might want to configure for each connector added their audit details which will define what events will reach your SIEM.

To do that please follow the guide at:
How To: Configure Cloud App Connector To Send Events To SIEM/Splunk