SIEM Integration for Splunk and CEF Syslog

It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.

SIEM Integration is a comprehensive solution for the capture, retention, and delivery of security information and events in real time to SIEM applications. Customers using Kona Site Defender can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.

NOTE: To use the SIEM Integration, you must be an existing Akamai Kona Site Defender customer.

Features

  • Supports on-premise and cloud-based SIEMs (Splunk, QRadar, ArcSight, and more)
  • Retains security events for 12 hours with the ability to replay missed security events in case of data connectivity issues
  • Provides control over how often to call the SIEM API and how many events to fetch in each call, so that the SIEM application is not overloaded
  • Pre-filters security events based on security configuration and firewall policy so SIEM operators can focus on real threats

Downloads

Akamai SIEM Splunk Connector (v1.1.0)
  • Tested OS Version: CentOS 7; Windows Server 2012 R2; Mac OS X El Capitan Version 10.11.6
  • Splunk Version: 6.5.3
  • Splunk Build: 36937ad027d4

Akamai SIEM CEF Syslog Connector (v1.4)
  • Tested OS Version: Mac OS X El Capitan Version 10.11.6; Ubuntu 14.04.5 LTS - 64-bit
  • HP ArcSight Logger version: 6.1.0.7504.1

SIEM Test Client
  • Executable test client to run diagnostics for debugging purposes


FAQ

If my SIEM is not supported with the out-of-the-box connectors, can I still use the SIEM Integration?

Yes, you can develop a custom connector to capture security events generated on the Akamai platform using the SIEM API. The API returns a list of JSON objects, each representing a security event. Please refer to the SIEM API documentation for details.


Support

Need additional support? Email us at siem-integration@akamai.com