This post will help you verify that the SkyFormation app could send audit events to a configured SIEM.
Each cloud connector when added to the SkyFormation app is attached to a specific tenant.
To allow the cloud connector's collected events to be send to a SIEM the cloud connector's tenant must be as well attached to a valid SIEM (SIEM defined in the SkyFormation app).
cloud connector/s --- (attached to) --> Tenant ---(attached to) --> SIEM
Please follow the steps below to verify that SkyFormation app could send audit events to a specific SIEM configured.
Step 1: Log into your SkyFormation app
Step 2: Go to the SETTINGS -> SIEM INTEGRATION
Step 3: Look in the table for the SIEM you would like to verify connectivity with
Step 4: Focus on the SIEM raw and press "EDIT"
Step 8: Verify the SIEM settings are aligned with the settings your SIEM expect as the syslog port
to use, the SIEM DNS address and so on.
Step 9: At the bottom of the SIEM configuration page press the "TEST CONNECTION" button
If you get a green "OK" response your SkyFormation app could send audit events
to the SIEM
If you get a red "Failed to send" response your SkyFormation app could not send
audit events to the SIEM.
To fix connectivity issues between SkyFormation app to a SIEM please refer to:
How-to: Resolve Connectivity Issues Between SkyFormation app to a SIEM