If you're having trouble at any stage please contact us at firstname.lastname@example.org.
Aperture cloud service provides visibility into cloud services transactions so users can make informed policy decisions to reduce risk. The platform enables enterprises to secure both sanctioned and unsanctioned cloud services, protect sensitive data across the cloud and web, and stop online threats.
For more information on Aperture please visit:
The main challenges and needs are to:
- Get and retain full audit of activities in Aperture cloud accounts.
- Get all alerts and policy events from Aperture cloud
- The granular activities and alerts should be available at the organization’s central log or event management system for compliance, investigation or forensic needs.
- Detect security threats and policy violations
What is it
SkyFormation for Palo Alto Aperture Connector, is part of the SkyFormation Collect (c) module.
It continuously retrieves audit events from the different audit sources in the Aperture cloud account, unifies the events into a common application events format, enrich the events with needed detection context and send the events to any existing SIEM/SOC system.
How it works
SkyFormation for Palo Alto Aperture Cloud Connector retrieves the events from the Aperture service through its APIs. Before sending the events to the existing SIEM/SOC system the connector will
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event as a blob
- Parse the origin event into a set of dedicated key-value fields
- Enrich the event with detection context (e.g. AD identity information)
- Encode the resulted event into the target SIEM/SOC system standard format (e.g. CEF)
- Send the event to the existing SIEM/SOC system over syslog
Connector's API/Audit Sources & Events Supported
|Audit Source (API)||Service/Module Covered||Event Included|
How to on-board Palo Alto Aperture Connector to SkyFormation app