SIEM Integration for Splunk and CEF Syslog
It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that uses security information and event management (SIEM) tools. A SIEM gives security teams a centralized place to access and analyze security information from a large number of sources, and to prioritize mitigation efforts based on risk profiles.
SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real time to SIEM applications. Customers using Kona Site Defender can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.
NOTE: To use the SIEM Integration, you must be an existing Akamai Kona Site Defender customer.
- Supports on-premises and cloud-based SIEMs (Splunk, QRadar, ArcSight, and more)
- Retains security events for 12 hours with the ability to replay missed security events in case of data connectivity issues
- Lets you control how often to call the SIEM API and how many events to fetch per call, so the SIEM application is not overloaded
- Pre-filters security events based on security configuration and firewall policy so SIEM operators can focus on real threats
If my SIEM is not supported with the out-of-the-box connectors, can I still use the SIEM Integration?
Yes, you can develop a custom connector that captures security events generated on the Akamai platform using the SIEM API. The API returns a list of JSON objects, one per security event. Refer to the SIEM API documentation for details.
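A custom connector of the kind described above, as an added example that is not Akamai's own code or its SIEM API client. It covers the behaviours listed earlier on this page: it pages through events with an offset token and a per-call batch cap (the throttling control), commits the offset only after the batch has been handed to the SIEM so that a page lost to a connectivity failure is fetched again on the next poll (the replay behaviour), and renders each event as a CEF line for a syslog collector. The HTTP call is replaced by a constructed in-memory page server; the newline-delimited body with an offset trailer is an assumption about the paging contract, and the event field names are illustrative, so both should be checked against the SIEM API documentation.

```python
"""Custom SIEM connector skeleton (example, not Akamai's code): page through
events by offset token, replay on delivery failure, cap batch size, emit CEF."""
from __future__ import annotations

import json
from typing import Callable

# Constructed sample events. Field names are illustrative, not the SIEM API's
# schema; check the real field names against the SIEM API documentation.
_EVENTS = [
    {"clientIP": "203.0.113.10", "host": "www.example.com", "path": "/login",
     "ruleId": "950001", "ruleMessage": "SQL Injection Attack", "action": "deny",
     "severity": 8, "userAgent": "curl/8.0"},
    {"clientIP": "198.51.100.7", "host": "www.example.com", "path": "/search",
     "ruleId": "981176", "ruleMessage": "Inbound Anomaly Score Exceeded",
     "action": "alert", "severity": 5,
     # attacker-controlled header value: unescaped, it would split the CEF
     # line and forge a src= field inside the SIEM
     "userAgent": "Mozilla/5.0|x\nsrc=10.0.0.1 msg=forged"},
    {"clientIP": "192.0.2.44", "host": "api.example.com", "path": "/v1/users",
     "ruleId": "3000001", "ruleMessage": "Rate control exceeded",
     "action": "deny", "severity": 6, "userAgent": "python-requests/2.31"},
]


def fake_fetch(offset: str, limit: int) -> str:
    """Stand-in for the signed HTTP GET a real connector would make with
    offset and limit query parameters (Akamai APIs use EdgeGrid signing).
    Assumed paging contract: newline-delimited JSON, one event per line, then a
    trailer line carrying the offset to pass on the next call."""
    start = int(offset.split(":")[1]) if offset else 0
    page = _EVENTS[start:start + limit]
    trailer = {"offset": f"off:{start + len(page)}", "total": len(_EVENTS)}
    return "\n".join(json.dumps(obj) for obj in page + [trailer]) + "\n"


def parse_page(body: str) -> tuple[list[dict], str]:
    """Split a response body into (events, next_offset); reject bodies with
    no trailer so a truncated response is retried rather than silently skipped."""
    lines = [ln for ln in body.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty response body")
    *event_lines, trailer_line = lines
    trailer = json.loads(trailer_line)
    if "offset" not in trailer:
        raise ValueError("response missing offset trailer")
    return [json.loads(ln) for ln in event_lines], trailer["offset"]


def cef_header(value: object) -> str:
    """CEF header fields: escape backslash and the pipe delimiter."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(value: object) -> str:
    """CEF extension values: escape backslash, '=' and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(ev: dict) -> str:
    """Render one event as CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|ext."""
    header = "|".join(cef_header(v) for v in (
        "CEF:0", "Akamai", "Kona Site Defender", "1.0",
        ev["ruleId"], ev["ruleMessage"], ev["severity"]))
    ext = {"src": ev["clientIP"], "dhost": ev["host"], "request": ev["path"],
           "act": ev["action"], "requestClientApplication": ev["userAgent"]}
    return header + "|" + " ".join(f"{k}={cef_ext(v)}" for k, v in ext.items())


def run_connector(fetch: Callable[[str, int], str],
                  deliver: Callable[[list[str]], None],
                  limit: int, state: dict) -> int:
    """One polling cycle; returns the number of events delivered.
    The offset is committed to `state` only after deliver() succeeds, so a
    batch lost to a SIEM outage is fetched again on the next cycle (replay).
    `limit` is the per-call batch cap that keeps the SIEM from being flooded."""
    events, next_offset = parse_page(fetch(state["offset"], limit))
    if events:
        deliver([to_cef(e) for e in events])
    state["offset"] = next_offset
    return len(events)


if __name__ == "__main__":
    state = {"offset": ""}          # persist this to disk in a real connector
    while run_connector(fake_fetch, lambda lines: print("\n".join(lines)),
                        limit=2, state=state):
        pass
```

Two design points matter here. First, the offset is the only durable state, so it must be written to disk only after the SIEM has acknowledged the batch; committing it before delivery is how events get lost during an outage, and the 12-hour retention window is what makes a retried fetch possible. Second, the escaping is not cosmetic: the User-Agent, path and rule message fields can all carry attacker-chosen bytes, and an unescaped `|`, `=` or newline lets a requester split the CEF line or forge extension fields such as `src=` in whatever the collector stores. The rules applied follow the CEF specification: `\` and `|` in header fields, `\`, `=` and line breaks in extension values.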
Need additional support? Visit the SIEM Connectors Community page to get answers from Akamai engineers and other SIEM administrators.