Akamai SIEM Integration for Splunk and CEF Syslog

It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.

SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real-time to SIEM applications. Customers using Kona Site Defender, Client Reputation, Web Application, or Bot Manager (BETA) can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.



  • Supports on-premise and cloud-based SIEMs (Splunk, QRadar, ArcSight, and more)
  • Retains security events for 12 hours with the ability to replay missed security events in case of data connectivity issues
  • Provides control over how often to make a call to SIEM API and how many events to fetch in each call to avoid the SIEM application from being overloaded
  • Pre-filters security events based on security configuration and firewall policy so SIEM operators can focus on real threats



Akamai SIEM Splunk Connector (v1.4.4)



Download from splunkbase

View it on GitHub



Tested OS Version

CentOS 7
Windows Server 2012 R2
Mac OS X El Capitan Version 10.11.6

Splunk Version

6.5.3+ (including 7.1.2) 

Akamai SIEM CEF Syslog Connector (v1.6.0)




View it on GitHub  
Tested OS VersionMac OS X El Capitan Version 10.11.6
Ubuntu 14.04.5 LTS - 64-bit
HP ArcSight Logger version6.1.0.7504.1 

SIEM Test Client




Executable test client to run diagnostics for debugging purposes.  


Additional Content

SIEM Integration Documentation
SIEM API Overview
Kona Site Defender Product Page
State of the Internet - Security Reports



If my SIEM is not supported by the sample connectors, can I still use the SIEM Integration?

Yes, you can develop a custom connector to capture security events generated on the Akamai platform using the SIEM API. The API returns a list of JSON objects representing each security event. Please refer to SIEM API documentation for details.



Need additional support? Visit the SIEM Connectors Community page to get answers from Akamai engineers and other SIEM administrators.