Skyhigh Security

Configure SIEM over TCP-TLS

Use these configurations to send events over TLS to SIEM.

Supported certificate formats are:

  • .crt
  • .pem with sha256

To configure Skyhigh Cloud Connector with SIEM over TCP+TLS, use the following steps:

  1. Collect your SIEM CA root and Cloud Connector CA root certificates.
  2. To import the Cloud Connector CA root certificate to your SIEM server, follow the steps for your OS and device in Install CA Certificate as Trusted Root CA.
  3. To import your SIEM server CA root certificate, execute the following commands on the Cloud Connector machine:

Command for Linux

$EC_HOME/jre/bin/keytool -import -trustcacerts -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit -alias <custom-aliasname> -file <CA File Path>

Command for Windows

$EC_HOME\jre\bin\keytool.exe -import -trustcacerts -keystore $EC_HOME\jre\lib\security\cacerts -storepass changeit -alias <custom-aliasname> -file <CA File Path>

  4. Verify that the CA certificates are imported properly.

Command for Linux

$EC_HOME/jre/bin/keytool -list -v -keystore $EC_HOME/jre/lib/security/cacerts -storepass changeit

Command for Windows

$EC_HOME\jre\bin\keytool.exe -list -v -keystore $EC_HOME\jre\lib\security\cacerts -storepass changeit

  5. Log in to Skyhigh CASB and go to Settings > Infrastructure > EC Configuration.
  6. Select your Cloud Connector host ID, and go to the SIEM Integration tab.
  7. For SIEM Protocol, select TCP+TLS, and click Save. For details, see Cloud Connector Config SIEM Integration.
  8. Wait for the application context to refresh on Cloud Connector (about 5 minutes).
  9. Restart the SIEM server to receive events over TLS.
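
The verification step lists every entry in the truststore. To check only the alias you imported, the script below compares the SHA-256 fingerprint of that truststore entry with the fingerprint of the CA file. It is an added example, not Skyhigh's code: the function names, the exit codes and the reading of ".pem with sha256" as a SHA-256 signature algorithm are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): confirm the alias imported into the Cloud
# Connector truststore is the same certificate as the CA file you were given.
# Assumes EC_HOME is set as in the commands on the page.

# Read keytool -v / -printcert text on stdin, print the first SHA-256 fingerprint.
sha256_of() { awk '$1 == "SHA256:" && !seen { print toupper($2); seen = 1 }'; }

# Read the same text on stdin, print the certificate's signature algorithm.
sigalg_of() { awk -F': *' '/^Signature algorithm name:/ && !seen { print $2; seen = 1 }'; }

# check_import STORE_TEXT FILE_TEXT
# Returns 0 = match, 1 = different certificate, 2 = alias missing, 3 = not SHA-256 signed.
check_import() {
    store_fp=$(printf '%s\n' "$1" | sha256_of)
    file_fp=$(printf '%s\n' "$2" | sha256_of)
    alg=$(printf '%s\n' "$2" | sigalg_of)
    [ -n "$store_fp" ] || { echo "FAIL: alias not found in truststore"; return 2; }
    [ "$store_fp" = "$file_fp" ] || { echo "FAIL: truststore entry differs from CA file"; return 1; }
    case $alg in
        SHA256with*) echo "OK: $store_fp ($alg)" ;;
        *) echo "FAIL: signature algorithm '$alg' is not SHA-256"; return 3 ;;
    esac
}

# verify_import ALIAS CA_FILE: run the real keytool queries and compare them.
verify_import() {
    kt="$EC_HOME/jre/bin/keytool"
    store=$("$kt" -list -v -alias "$1" -storepass changeit \
        -keystore "$EC_HOME/jre/lib/security/cacerts" 2>&1) || true
    file=$("$kt" -printcert -file "$2" 2>&1) || true
    check_import "$store" "$file"
}

# Constructed sample of keytool output (not a real certificate), used when the
# script is run without arguments.
SAMPLE_FP="AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89"
SAMPLE="Alias name: siem-ca
Owner: CN=Example SIEM Root CA
Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
     SHA256: $SAMPLE_FP
Signature algorithm name: SHA256withRSA"

if [ "$#" -eq 2 ]; then verify_import "$1" "$2"; else check_import "$SAMPLE" "$SAMPLE"; fi
```

Run it on the Cloud Connector machine with the alias and CA file path as its two arguments; a non-zero exit code means the import should be repeated before switching the SIEM protocol to TCP+TLS.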