If you're having trouble at any stage please contact us at firstname.lastname@example.org.
Business applications and services that generate audit logs and store them in various data sources, such as folders or proprietary APIs, present the organization with several security challenges:
- Get and retain a meaningful, granular audit of the security activities in the application
- The granular audit should be available at the organization’s central log or event management system for compliance, investigation or forensic needs.
- Detect anomalies, security threats and policy violations based on the granular activities
What is it
SkyFormation Custom Connector is part of the SkyFormation Cloud Connectors module. It continuously ingests events from different customer data sources, such as an AWS S3 bucket, unifies the events into a common application events format, enriches the events with the needed detection context and sends the events to any existing SIEM/SOC system.
How it works
SkyFormation Custom Connector retrieves audit events from the configured data source type (e.g. file system). Before sending the events to the existing SIEM/SOC system, the connector will:
- Unify the events into the SkyFormation unified application events format
- Embed the origin event into the SkyFormation event
- Complement the event with missing information
- Enrich the event with detection context such as AD identity information
- Encode the resulting event into a standard format such as CEF
- Send the event to the existing SIEM/SOC system over syslog
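The steps above (unify, embed the origin event, enrich, encode as CEF) can be sketched as follows. This is an added example, not SkyFormation code: the field names, the `ExampleVendor`/`ExampleConnector` header strings, the `DIRECTORY` lookup and the sample record are assumptions, and the syslog send is left out.

```python
import json

# Hypothetical identity directory standing in for the AD lookup (constructed data).
DIRECTORY = {"jdoe": {"department": "Finance", "manager": "asmith"}}

def esc_header(value):
    """CEF header fields: escape backslash and pipe."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    """CEF extension values: escape backslash and '=', encode line breaks."""
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")

def unify(raw):
    """Map a source-specific record onto assumed common field names."""
    return {
        "user": raw.get("username") or raw.get("user") or "unknown",
        "action": raw.get("action", "unknown"),
        "src_ip": raw.get("ip", ""),
        "origin": json.dumps(raw, sort_keys=True),  # embed the origin event
    }

def enrich(event, directory=DIRECTORY):
    """Add identity context; unknown users are marked, not dropped."""
    ident = directory.get(event["user"], {})
    return dict(event, department=ident.get("department", "unresolved"))

def to_cef(event, severity=3):
    """Build one CEF line; vendor/product strings are placeholders."""
    header = "|".join(esc_header(x) for x in (
        "CEF:0", "ExampleVendor", "ExampleConnector", "1.0",
        event["action"], event["action"], severity))
    ext = {
        "suser": event["user"], "src": event["src_ip"],
        "cs1Label": "department", "cs1": event["department"],
        "cs2Label": "originEvent", "cs2": event["origin"],
    }
    pairs = [f"{k}={esc_ext(v)}" for k, v in ext.items() if v != ""]
    return header + "|" + " ".join(pairs)

def process(raw):
    return to_cef(enrich(unify(raw)))

if __name__ == "__main__":
    # Constructed sample record with characters that must be escaped.
    sample = {"username": "jdoe", "action": "login|failed",
              "ip": "192.0.2.10", "note": "a=b"}
    print(process(sample))
```

The escaping functions matter because source events carry attacker-influenced strings: an unescaped `|`, `=` or line break would let a field value shift or forge fields in the record the SIEM parses.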
SkyFormation Custom Connector Audit Sources & Events Supported
The SkyFormation Custom Connector will process the ingested events by using one of its supported
| Data Source Events Type | Events modeling done |
|---|---|
| Windows Security Events | Windows Security Events |
| Duo Events | Duo Trusted Access events |
| Pulse VPN Events | Pulse Connect Secure |
| Windows DC Events | Windows Domain Controller Events |
| Bluecoat Proxy Events | Bluecoat ProxySG events |
How to on-board SkyFormation Custom Connector to SkyFormation app