Preface
This post will help you verify that the SkyFormation app can send audit events to a configured SIEM.
Each cloud connector, when added to the SkyFormation app, is attached to a specific tenant.
For the cloud connector's collected events to be sent to a SIEM, the cloud connector's tenant must also be attached to a valid SIEM (a SIEM defined in the SkyFormation app).
cloud connector/s --- (attached to) --> Tenant --- (attached to) --> SIEM
Follow the steps below to verify that the SkyFormation app can send audit events to a specific configured SIEM.
Steps
Step 1: Log into your SkyFormation app
Step 2: Go to the SETTINGS -> SIEM INTEGRATION
Step 3: Look in the table for the SIEM you would like to verify connectivity with
Step 4: Focus on the SIEM row and press "EDIT"
Step 8: Verify that the SIEM settings match what your SIEM expects, such as the syslog port
to use, the SIEM DNS address and so on.
Step 9: At the bottom of the SIEM configuration page press the "TEST CONNECTION" button
If you get a green "OK" response, your SkyFormation app can send audit events
to the SIEM.
If you get a red "Failed to send" response, your SkyFormation app cannot send
audit events to the SIEM.
To fix connectivity issues between the SkyFormation app and a SIEM, please refer to:
How-to: Resolve Connectivity Issues Between SkyFormation app to a SIEM
Done