If you're having trouble at any stage please contact us at support@skyformation.com.
Preface
This article provides an overview of how to effectively plan and manage the capacity of the SkyFormation cloud connectors module.
IMPORTANT: Note that the values presented in this article are based on test results as well as production environments, but they may not represent the final values in any given environment and depend heavily on the cloud service utilization level and characteristics.
SkyFormation Cloud Connector module sizing
SkyFormation cloud connectors retrieve log files, activities and other information from cloud services (e.g. Office 365, Azure, Google G-Suite, AWS, ServiceNow, Salesforce and others) using the cloud service APIs. The module then analyzes the information and events, enriches and transforms them, and sends them to the security event systems, such as the SIEM, that it is integrated with.
SkyFormation persists statistics of the analyzed events in files, along with the subset of raw cloud service events that each cloud service connector is configured to send to the SkyFormation console.
The table below provides the values needed to plan for the SkyFormation events produced by each cloud service connector that will be sent to the company's security event system, to SkyFormation persistence, or to both. The values represent a cloud service with 1000 users registered and used in the connector in the case of a SaaS application, or 100 virtual machines (e.g. AWS EC2) in the case of an IaaS connector.
| Category | Description | Values |
|---|---|---|
| Number of events generated by SkyFormation for Salesforce cloud connector and sent to SIEM | This number represents the number of events sent to the SIEM (assuming all events monitored by SkyFormation are sent to the SIEM) from each SkyFormation for Salesforce cloud connector in use. (Not including the Salesforce event monitoring events) | 12000 events per day |
| Number of events generated by SkyFormation for Office 365 cloud connector and sent to SIEM | This number represents the number of events sent to the SIEM (assuming all events monitored by SkyFormation are sent to the SIEM) from each SkyFormation for Office 365 cloud connector in use. | 25000 events |
| Number of events generated by SkyFormation for Google Apps cloud connector and sent to SIEM | This number represents the number of events sent to the SIEM (assuming all events monitored by SkyFormation are sent to the SIEM) from each SkyFormation for Google Apps cloud connector in use. | 15000 events per day |
| Number of events generated by SkyFormation for ServiceNow cloud connector and sent to SIEM | This number represents the number of events sent to the SIEM (assuming all events monitored by SkyFormation are sent to the SIEM) from each SkyFormation for ServiceNow cloud connector in use. | 11000 events per day |
| Number of events generated by SkyFormation for Azure cloud connector and sent to SIEM | This number represents the number of events sent to the SIEM (assuming all events monitored by SkyFormation are sent to the SIEM) from each SkyFormation for Azure cloud connector in use (assuming the diagnostic events are also sent) | 10mm events |
| File size created by SkyFormation cloud connectors for the SkyFormation events console | This number represents the size of the file created by SkyFormation when the cloud connectors are configured to send the resulting events to the SkyFormation events console in addition to the SIEM | 1MB |
Summary
The SkyFormation cloud connectors sizing plan should include the number of events expected to reach the SIEM/log systems, and the additional SkyFormation disk space needed if the events are also configured to be sent to the SkyFormation events console.