It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.
SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real-time to SIEM applications. Customers using Kona Site Defender, Client Reputation, Web Application, or Bot Manager (BETA) can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.
System Requirements
Akamai’s Splunk Connector requires Oracle JRE 1.8+. Download the latest from the Oracle Java site (Java Platform, Standard Edition) or install it from a software distribution package on Linux.
You must have Java installed on the host running Splunk Enterprise: https://java.com/en/download/
Also, make sure that the Splunk forwarder is NOT installed on your Splunk Enterprise host machine.
Proxy server
To access the SIEM API from behind a proxy server, ensure that your proxy:
whitelists the domains *.cloudsecurity.akamaiapis.net and *.luna.akamaiapis.net
does not interfere with HTTP request headers for those domains. If, due to a strict enterprise security policy, your proxy does change these headers, make sure that at a minimum you allow and don't change the Host and Authorization headers.
Hardware Requirements
This application has been tested with the following operating systems:
CentOS 7
Windows Server 2012 R2
Mac OS X El Capitan Version 10.11.6
Some additional hardware requirements:
4 CPU cores
16 GB RAM
2 GB Free Disk Space
Created By
Akamai Technologies Inc., an official Splunk Partner