It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.

SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real time to SIEM applications. Customers using Kona Site Defender, Client Reputation, Web Application, or Bot Manager (BETA) can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.

System Requirements

Akamai’s Splunk Connector requires Oracle JRE 1.8+. Download the latest from the Oracle Java site (Java Platform, Standard Edition) or install it from a software distribution package on Linux. You must have Java installed on the host running Splunk Enterprise: https://java.com/en/download/

Also, check to make sure that the Splunk forwarder is NOT installed on your Splunk Enterprise host machine.

Proxy server

To access the SIEM API from behind a proxy server, ensure that your proxy:

- whitelists the domains *.cloudsecurity.akamaiapis.net and *.luna.akamaiapis.net
- does not interfere with HTTP request headers for those domains. If, due to a strict enterprise security policy, your proxy does change these headers, make sure that at a minimum you allow and don't change the Host and Authorization headers.

Hardware Requirements

This application has been tested with the following operating systems:

- CentOS 7
- Windows Server 2012 R2
- Mac OS X El Capitan Version 10.11.6

Some additional hardware requirements:

- 4 CPU cores
- 16 GB RAM
- 2 GB free disk space