Akamai SIEM Integration for Splunk and CEF Syslog
It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.
SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real-time to SIEM applications. Customers using Kona Site Defender, Client Reputation, Web Application, or Bot Manager (BETA) can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.
- Supports on-premise and cloud-based SIEMs (Splunk, QRadar, ArcSight, and more)
- Retains security events for 12 hours with the ability to replay missed security events in case of data connectivity issues
- Provides control over how often to call the SIEM API and how many events to fetch in each call, so the SIEM application is not overloaded
- Pre-filters security events based on security configuration and firewall policy so SIEM operators can focus on real threats
Akamai SIEM Splunk Connector (v1.4.4)
|View it on GitHub|
|Tested OS Version||Windows Server 2012 R2; Mac OS X El Capitan Version 10.11.6|
|Splunk Version||6.5.3+ (including 7.1.2)|
Akamai SIEM CEF Syslog Connector (v1.6.0)
|View it on GitHub|
|Tested OS Version||Mac OS X El Capitan Version 10.11.6; Ubuntu 14.04.5 LTS - 64-bit|
|HP ArcSight Logger version||18.104.22.16804.1|
SIEM Test Client
Executable test client to run diagnostics for debugging purposes.
Related resources:
- SIEM Integration Documentation
- SIEM API Overview
- Kona Site Defender Product Page
- State of the Internet - Security Reports
If my SIEM is not supported by the sample connectors, can I still use the SIEM Integration?
Yes, you can develop a custom connector that captures security events generated on the Akamai platform through the SIEM API. The API returns a list of JSON objects, one per security event. Refer to the SIEM API documentation for details.
Need additional support? Visit the SIEM Connectors Community page to get answers from Akamai engineers and other SIEM administrators.