If you're having trouble at any stage please contact us at email@example.com.
This document explains the steps needed before you add your first SkyFormation Cloud Apps Connectors (e.g. Google Apps, Azure, Sales Cloud) if you are using the SkyFormation Single-Tenant mode only.
This guide assume you have completed the Install SkyFormation App guide successfully.
Configuring the SIEM
SkyFormation Cloud Apps Connectors require a configuration of a SIEM server which will get the entire events ingested by the cloud connectors.
To setup your SIEM follow these steps:
1) In the SIEM configuration page (see the diagram below) configure the following:
- Use SIEM: Choose Yes
- Host: Configure the SIEM host name as myserver.myorg.com
- Port: Configure the port in use by the SIEM syslog listener (default 514)
- Protocol: Configure whether to use: TCP/UDP/TLS pending on your syslog settings in the SIEM.
- Message Format: Choose the syslog RFC to use (default 5424)
When done click the "SEND TEST MESSAGE TO SIEM"
Wait to see that the OK icon appear in green.
Your SIEM is integrated correctly with SkyFormation now.
- click "Save and continue"
Adding SkyFormation Cloud App Connector
- At the “protected accounts” tab you will be able to add the entire Cloud Apps Connectors (called SkyFormation Account) supported by the SkyFormation platform.
For each cloud app connector you want to add you will need to go through the following steps:
- click on "select a service to add" and choose the connector you would like to add:
- Use the below instructions for each cloud app connector type:
For Sales Cloud (by Salesforce) go to:
How to: Add Sales Cloud Connector To SkyFormation Platform
For ServiceNow (by ServiceNow) go to:
How to: Add ServiceNow Connector To SkyFormation Platform
For Office 365 (by Microsoft) go to:
How to: Add Office365 Connector To SkyFormation Platform"
For AWS (by Amazon) go to:
How to: Add AWS Connector To SkyFormation Platform
For Google Apps (by Google) go to:
How to: Add Google Apps Connector To SkyFormation Platform
For Azure (by Microsoft) go to:
How to: Add Azure Connector To SkyFormation Platform
For Private application go to:
How to: Add Home-grown App Connector To SkyFormation Platform
- Follow the connector specific instructions in each link
- Make sure connection status is OK for the new connector added , as seen in this image:
- Repeat for additional accounts if there are any.
When done with the entire connector you needed click "SAVE & CONTINUE"
You are done with this guide !
Now you might want to configure for each connector added their audit details which will define what events will reach your SIEM.
To do that please follow the guide at:
How To: Configure Cloud App Connector To Send Events To SIEM/Splunk