SkyFormation Modules


Stay on top of your shadow-IT trends and risks
and ensure acceptable usage policies

Shadow IT discovery


  • Which cloud services and applications are being used by our employees?

  • What are the security and compliance risks in cloud services and shadow IT?

  • How can I identify cloud usage violations and trigger incident response?


  • Discover and show your SIEM which cloud services are being used, by whom and when

  • Enrich discovered cloud services with security readiness score for effective and easy risk assessment

  • Ensure governance and compliance using the existing incident response process and systems


Do you want to know which cloud services and applications are being used by your organization's employees?

SkyFormation Discovery will show you which cloud services are being used, who is using them and additional useful information.



SkyFormation either uses log files from firewalls, proxies and Active Directory and resolve the organization usage and adoption of cloud services by the organization's users.

Your Shadow IT will become visible in just a few minutes after SkyFormation Discovery setup!


Out-of-the-box connectors for unified cloud services visibility
of activities, alerts, flows and more, in your existing SIEM/SOC systems

Protect cloud application screen


  • How can my SIEM get granular events and users activity information without needing professional services?

  • How do I rapidly create detection rules for cloud services policy violation and threat detection?

  • How do I keep the detection rules running when cloud service APIs are change?


  • Out-of-the-box cloud services connectors for your SIEM saving you expensive development or professional services.

  • Out-of-the-box threat detection rules in your SIEM, based on user access behavior, changes in permissions/privileges, administration changes, file and resource management issues and more.

  • On-going updates for the threat detection rules in your SIEM, to keep you up-to-date with latest threats and risks.


Do you need to identify compromised accounts, insecure security settings changes, sensitive data sharing activities and more  ?

Identifying security threats and regulation compliance risks reduces risks and allow safer and faster adoption of cloud services.


SkyFormation provides detection rules that are applied to your existing SIEM system, and detect security threats and compliance risks.

Example for out of the box detected scenarios and risks:


SkyFormation platform includes extensions to existing SIEM systems that add out of the box detection rules.


API to trigger incident response 
on cloud services from your existing automation tool

Analyze cloud application risks


  • How do you suspend a user or stop a VM in cloud services from within your
    existing automation and orchestration tool, without develop integration to each cloud service?


  • Allow any existing remediation and automation tool to perform remediation actions on cloud services, as reset user password, remove a file and more, with our cloud services connectors remediation API.


SkyFormation has helped you learn about your cloud apps, users and data. Now, how can you govern them?

SkyFormation Extend employs a Universal Connector to collect security-related events from your cloud applications and transfer them to your SIEM/SoC security tools.


SkyFormation Extend Universal Connector collects security-related events to provide uniform, meaningful and actionable events to any of your existing security tools (SIEM, Splunk, Log aggregators and security analytics).

Zoom into business cloud applications such as Salesforce, ServiceNow, Office 365, Google Apps and AWS to continuously analyze their data security and compliance threats.


SkyFormation employs various technologies to collect data from cloud applications, sparing you the need to learn different APIs and each application's internal business logic.

Our Universal Collector can receive raw data across different applications and put rorth meaningful, uniform output so that the security team can easily understand what happened and act upon it.