SIEM Integration for Splunk and CEF Syslog

It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.

SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real-time to SIEM applications. Customers using Kona Site Defender can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.

NOTE: In order to use the SIEM Integrations, you must be an existing Akamai Kona Site Defender customer

Features

  • Supports on-premise and cloud-based SIEMs (Splunk, QRadar, ArcSight, and more)
  • Retains security events for 12 hours with the ability to replay missed security events in case of data connectivity issues
  • Provides control over how often to make a call to SIEM API and how many events to fetch in each call to avoid the SIEM application from being overloaded
  • Pre-filters security events based on security configuration and firewall policy so SIEM operators can focus on real threats

Downloads
Akamai SIEM Splunk Connector (v1.1.2)
Tested OS Version
CentOS 7
Windows Server 2012 R2
Mac OS X El Capitan Version 10.11.6
Splunk Version
6.5.3
Splunk Build
36937ad027d4
Akamai SIEM CEF Syslog Connector (v1.5)
Tested OS Version
Mac OS X El Capitan Version 10.11.6
Ubuntu 14.04.5 LTS - 64-bit
HP ArcSight Logger version
6.1.0.7504.1
SIEM Test Client
Executable test client to run diagnostics for debugging purposes


FAQ

If my SIEM is not supported with the out-of-the-box connectors, can I still use the SIEM Integration?

Yes, you can develop a custom connector to capture security events generated on the Akamai platform using the SIEM API. The API returns a list of JSON objects representing each security event. Please refer to SIEM API documentation for details.


Support

Need additional support? Visit the SIEM Connectors Community page to get answers from Akamai engineers and other SIEM administrators.