Ensign Akamai Web Security Add-on for Splunk
An enterprise-grade alternative to the official Akamai SIEM app, rebuilt on the Splunk UCC framework v6.3.0.
WHY THIS ADD-ON?
The official Akamai app (https://splunkbase.splunk.com/app/4310) still enables its input the legacy way (Settings => Data Inputs), and much of what it ingests is not parsed into key-value pairs, so analysts have to fall back on spath to reach the fields they want. This add-on addresses both points. It provides:
- Full UI-driven configuration, with inputs configured directly under the add-on, as in other Splunk Supported Add-ons.
- Multi-account management with encrypted credential storage via Splunk's native password vault.
- Multi-proxy support (HTTP, HTTPS, SOCKS4, SOCKS5) with per-input proxy assignment.
- Offset-based checkpointing for reliable data continuity across restarts.
- Custom sourcetype override per input for seamless migration.
- Deployment Server compatible.
DATA SOURCE:
Captures security events from the Akamai SIEM Integration API v1, supporting:
- App & API Protector
- Kona Site Defender
- Web Application Protector
- Client Reputation
- Bot Manager
- Account Protector
EVENT PROCESSING:
- URL-decodes all fields recursively
- Parses HTTP headers into structured key-value pairs
- Decodes base64-encoded attackData rule fields into structured objects
- Drops summary/offset metadata records that carry no event payload (routed to nullQueue)
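The four processing steps above, as an added illustration in Python (the language Splunk UCC add-ons are written in). This is not the add-on's own code. It assumes the record layout from the Akamai SIEM Integration docs linked below: the attackData rule fields (rules, ruleVersions, ruleMessages, ruleTags, ruleData, ruleSelectors, ruleActions) are ';'-separated base64 lists whose '=' padding arrives URL-encoded, httpMessage.requestHeaders and responseHeaders are URL-encoded CRLF-separated "Name: value" lines, and the trailing record of a response carries only offset/total metadata. The sample response and all function names are constructed for the example; the parsedRules field is a name chosen here, not the add-on's.

```python
import base64
import json
from urllib.parse import unquote

# attackData members whose value is a ';'-separated list of base64 strings,
# one element per triggered rule (Akamai SIEM Integration record layout).
RULE_FIELDS = ("rules", "ruleVersions", "ruleMessages", "ruleTags",
               "ruleData", "ruleSelectors", "ruleActions")


def url_decode(obj):
    """Recursively URL-decode every string value in a nested JSON structure."""
    if isinstance(obj, str):
        return unquote(obj)
    if isinstance(obj, dict):
        return {k: url_decode(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [url_decode(v) for v in obj]
    return obj


def parse_headers(raw):
    """CRLF-separated 'Name: value' lines -> dict; names lower-cased for stable field names."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n"):
        if ":" in line:  # skips the blank trailing line and malformed entries
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def b64_list(value):
    """Split a ';'-separated base64 list; an empty element stays ''; tolerate missing padding."""
    return ["" if not item else
            base64.b64decode(item + "=" * (-len(item) % 4)).decode("utf-8", "replace")
            for item in value.split(";")]


def decode_rules(attack_data):
    """Rebuild one object per rule from the parallel base64 lists in attackData."""
    columns = {f: b64_list(attack_data[f]) for f in RULE_FIELDS if f in attack_data}
    count = max((len(v) for v in columns.values()), default=0)
    return [{f: (vals[i] if i < len(vals) else "") for f, vals in columns.items()}
            for i in range(count)]


def is_offset_record(event):
    """A record carrying only offset/total metadata and no event payload."""
    return "offset" in event and "attackData" not in event and "httpMessage" not in event


def process_batch(ndjson_text):
    """Process one newline-delimited JSON response body; returns the events to index."""
    events = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if is_offset_record(event):
            continue  # the nullQueue equivalent: metadata never reaches the index
        event = url_decode(event)  # '%3d' padding in the base64 fields becomes '=' here
        http = event.get("httpMessage", {})
        for key in ("requestHeaders", "responseHeaders"):
            if isinstance(http.get(key), str):
                http[key] = parse_headers(http[key])
        if "attackData" in event:
            event["attackData"]["parsedRules"] = decode_rules(event["attackData"])
        events.append(event)
    return events


def b64_join(*items):
    """Sample builder only: ';'-join base64 values with '=' padding URL-encoded as delivered."""
    return ";".join(base64.b64encode(i.encode()).decode().replace("=", "%3d") for i in items)


# Constructed sample response: one WAF event followed by the trailing offset record.
SAMPLE_RESPONSE = "\n".join([
    json.dumps({
        "attackData": {
            "configId": "12345", "policyId": "abc1_123", "clientIP": "203.0.113.10",
            "rules": b64_join("950002", "950006"),
            "ruleVersions": b64_join("1", "1"),
            "ruleMessages": b64_join("Request Missing an Accept Header", "SQL Injection Attack Detected"),
            "ruleTags": b64_join("PROTOCOL_VIOLATION", "SQL_INJECTION"),
            "ruleData": b64_join("", "' or 1=1"),
            "ruleSelectors": b64_join("REQUEST_HEADERS", "ARGS:id"),
            "ruleActions": b64_join("alert", "deny"),
        },
        "httpMessage": {
            "method": "GET", "host": "www.example.com", "path": "%2flogin", "query": "id%3d1",
            "requestHeaders": "User-Agent%3a%20curl%2f8.0%0d%0aAccept%3a%20*%2f*%0d%0a",
            "responseHeaders": "Server%3a%20AkamaiGHost%0d%0aContent-Length%3a%200%0d%0a",
            "status": "403",
        },
    }),
    json.dumps({"total": 1, "offset": "4a8cd4f7e", "version": "1.0"}),
])
```

Running process_batch(SAMPLE_RESPONSE) yields a single event in which requestHeaders is a dict keyed by header name and attackData.parsedRules is a list with one object per triggered rule, so a search can address fields such as parsedRules{}.ruleActions directly instead of unpacking the base64 columns with spath. The URL decode is deliberately done before the base64 split, because the padding characters of the base64 values are themselves URL-encoded in the API output.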
Ref: https://techdocs.akamai.com/siem-integration/docs
Built by Ensign Infosecurity Indonesia.
Categories
Security, Fraud & Compliance, SIEM
Created By
Muhammad Rafdi Aufar Ahmad