SIEM Integration for Splunk and CEF Syslog
It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that uses security information and event management (SIEM) tools. A SIEM gives security teams a centralized view in which to access and analyze security information from a large number of sources and to prioritize mitigation efforts based on risk profiles.
SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real-time to SIEM applications. Customers using Kona Site Defender can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.
NOTE: To use SIEM Integration, you must be an existing Akamai Kona Site Defender customer.
- Supports on-premise and cloud-based SIEMs (Splunk, QRadar, ArcSight, and more)
- Retains security events for 12 hours with the ability to replay missed security events in case of data connectivity issues
- Provides control over how often to call the SIEM API and how many events to fetch in each call, so the SIEM application is not overloaded
- Pre-filters security events based on security configuration and firewall policy so SIEM operators can focus on real threats
If my SIEM is not supported with the out-of-the-box connectors, can I still use the SIEM Integration?
Yes, you can develop a custom connector that captures security events generated on the Akamai platform using the SIEM API. The API returns a list of JSON objects, one per security event. Please refer to the SIEM API documentation for details.
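The following is an added example of what the core of such a custom connector looks like; it is not Akamai's code and does not use the real SIEM API schema. It parses a constructed newline-delimited JSON body (the field names attackData, httpMessage, rules, ruleActions and so on are assumptions for the example), converts each event into a CEF line with the escaping the CEF format requires (backslash and pipe in header fields; backslash, equals sign and line breaks in extension values), and hands the lines to the SIEM in bounded batches, which is the event-cap behaviour the bullet list above refers to.

```python
import json
from typing import Dict, Iterator, List

# Constructed sample body: one JSON object per line. The field names are
# illustrative assumptions for this example, not the documented SIEM API schema.
SAMPLE_BODY = "\n".join(json.dumps(e) for e in [
    {"attackData": {"configId": "12345", "policyId": "wafp_1",
                    "clientIP": "203.0.113.7",
                    "rules": ["950002"], "ruleActions": ["deny"]},
     "httpMessage": {"host": "www.example.com", "method": "GET",
                     "path": "/login|admin", "query": "user=alice",
                     "status": "403"}},
    {"attackData": {"configId": "12345", "policyId": "wafp_1",
                    "clientIP": "198.51.100.9",
                    "rules": ["960015"], "ruleActions": ["alert"]},
     "httpMessage": {"host": "api.example.com", "method": "POST",
                     "path": "/v1/items", "query": "", "status": "200"}},
])

# Constructed mapping from rule action to CEF severity (0-10) for this example.
SEVERITY = {"deny": 8, "alert": 5}


def parse_events(body: str) -> List[Dict]:
    """Parse a newline-delimited JSON body into event dicts, skipping blank lines."""
    events = []
    for line in body.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def cef_header_escape(value: str) -> str:
    """Escape a CEF header field: backslash and pipe are the reserved characters."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_extension_escape(value: str) -> str:
    """Escape a CEF extension value: backslash, equals sign and line breaks."""
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))


def event_to_cef(event: Dict) -> str:
    """Render one parsed event as a single CEF:0 line."""
    attack = event["attackData"]
    http = event["httpMessage"]
    actions = attack.get("ruleActions", [])
    # Take the most severe action on the event; unknown actions default to 3.
    severity = max((SEVERITY.get(a, 3) for a in actions), default=3)
    header = "|".join([
        "CEF:0",
        "Akamai",
        "Kona Site Defender",
        "1.0",  # constructed device version
        cef_header_escape(",".join(attack.get("rules", []))),
        cef_header_escape("WAF " + ",".join(actions)),
        str(severity),
    ])
    query = http.get("query", "")
    request = http.get("path", "") + ("?" + query if query else "")
    # Standard CEF extension keys; custom strings/numbers carry the Akamai ids.
    ext = {
        "src": attack.get("clientIP", ""),
        "dhost": http.get("host", ""),
        "requestMethod": http.get("method", ""),
        "request": request,
        "cs1Label": "policyId", "cs1": attack.get("policyId", ""),
        "cs2Label": "configId", "cs2": attack.get("configId", ""),
        "cn1Label": "httpStatus", "cn1": http.get("status", ""),
    }
    extension = " ".join(f"{k}={cef_extension_escape(str(v))}" for k, v in ext.items())
    return header + "|" + extension


def cef_batches(body: str, max_events: int) -> Iterator[List[str]]:
    """Yield CEF lines in batches of at most max_events so the SIEM is never flooded."""
    events = parse_events(body)
    for i in range(0, len(events), max_events):
        yield [event_to_cef(e) for e in events[i:i + max_events]]


if __name__ == "__main__":
    # Each batch would be written to the syslog transport in a real connector.
    for batch in cef_batches(SAMPLE_BODY, max_events=1):
        for line in batch:
            print(line)
```

Pipes are only reserved in the CEF header, which is why the `|` in the request path survives unescaped in the extension while the `=` in the query string is escaped; getting these two rules backwards is the most common cause of CEF lines that parse correctly in one SIEM and split into garbage in another.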
Need additional support? Email us at firstname.lastname@example.org