Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Akamai App and API Protector

integrations cloud akamai api protector

To integrate Akamai App & API Protector (formerly known as Kona Site Defender or Web Application Protector) with Secureworks® Taegis™ XDR, you must deploy Akamai’s SIEM CEF Connector on a server within your network. This log retrieval tool created by Akamai simplifies integrations with log aggregation and security detection platforms such as XDR.. Once the SIEM CEF Connector has been installed, you will configure it to send Akamai App & API Protector events via Syslog to a Taegis™ XDR Collector. Akamai App & API Protector events are filtered and correlated in real-time for various security event observations.

Follow the instructions below to integrate and enable monitoring by XDR.

Connectivity Requirements

Source Destination Port/Protocol
Akamai SIEM CEF Connector XDR Collector (mgmt IP) TCP/601

Data Provided from Integration

  Auth DNS HTTP Management Netflow NIDS Process Thirdparty
Akamai App & API Protector     D         Y

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections


XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Akamai SIEM CEF Connector Documentation

Follow Akamai’s documentation to set up the SIEM Integration. In Step 4, continue with the instructions for implementing Akamai SIEM CEF Connector.

There are several parameters required for the Akamai SIEM CEF Connector to function as intended. Many of them can be left at their default values, but a few require manual configuration, using values that are unique to each customer’s Akamai environment, such as akamai.data.requesthost and akamai.data.baseurl.

For XDR. to properly receive and normalize events from the Akamai SIEM CEF Connector, use the following configuration file values, in addition to the other fields required by Akamai:

Configuration Filename Parameter Required Value
CEFConnector.properties akamai.cefformatheader CEF:0|Akamai|akamai_siem|1.0|eventClassId()|name()|severity()
log4j2.xml CEFHost IP address of the XDR Collector
log4j2.xml CEFPort 601
log4j2.xml CEFProtocol TCP

Example Query Language Searches

To search for Akamai App & API Protector events from the last 24 hours:

`FROM http WHERE sensor_type = 'Akamai App & API Protector' AND EARLIEST=-24h`

To search for http events associated with a specific URL:

`FROM http WHERE sensor_type = 'Akamai App & API Protector' AND uri_host = 'test.domain.com'`

To search for http events associated with a specific source IP address:

`FROM http WHERE sensor_type = 'Akamai App & API Protector' AND source_address = ''`


On this page: