Akamai App and API Protector



To integrate Akamai App & API Protector (formerly known as Kona Site Defender or Web Application Protector) with Secureworks® Taegis™ XDR, you must deploy Akamai’s SIEM CEF Connector on a server within your network. This log retrieval tool, created by Akamai, simplifies integrations with log aggregation and security detection platforms such as XDR. Once the SIEM CEF Connector has been installed, configure it to send Akamai App & API Protector events via Syslog to a Taegis™ XDR Collector. Akamai App & API Protector events are filtered and correlated in real time for various security event observations.

Follow the instructions below to integrate and enable monitoring by XDR.

Connectivity Requirements

| Source | Destination | Port/Protocol |
|---|---|---|
| Akamai SIEM CEF Connector | XDR Collector (mgmt IP) | TCP/601 |

Data Provided from Integration

| | Auth | DNS | HTTP | Management | Netflow | NIDS | Process | Thirdparty |
|---|---|---|---|---|---|---|---|---|
| Akamai App & API Protector | | | D | | | | | Y |

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Akamai SIEM CEF Connector Documentation

Follow Akamai’s documentation to set up the SIEM Integration. In Step 4, continue with the instructions for implementing Akamai SIEM CEF Connector.

There are several parameters required for the Akamai SIEM CEF Connector to function as intended. Many of them can be left at their default values, but a few require manual configuration, using values that are unique to each customer’s Akamai environment, such as akamai.data.requesthost and akamai.data.baseurl.

For XDR to properly receive and normalize events from the Akamai SIEM CEF Connector, use the following configuration file values, in addition to the other fields required by Akamai:

Configuration filename, parameter, and required value:

- `CEFConnector.properties`, parameter `akamai.cefformatheader`: `CEF:0|Akamai|akamai_siem|1.0|eventClassId()|name()|severity()`
- `log4j2.xml`, parameter `CEFHost`: IP address of the XDR Collector
- `log4j2.xml`, parameter `CEFPort`: `601`
- `log4j2.xml`, parameter `CEFProtocol`: `TCP`
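To confirm that the connector is emitting records with the header required above before troubleshooting on the XDR side, the following added example (not code from Akamai or Secureworks) parses the CEF header of captured syslog lines and reports any fixed field that differs from the `akamai.cefformatheader` value. The function names and the sample records are constructed for illustration.

```python
# Fixed leading header fields from the required akamai.cefformatheader value.
REQUIRED = [("CEF version", "CEF:0"), ("vendor", "Akamai"),
            ("product", "akamai_siem"), ("device version", "1.0")]

def split_cef_header(line):
    """Return (7 header fields, extension) for one CEF record.
    CEF escapes a literal pipe in a header field as \\| so walk the text
    rather than calling str.split. A syslog prefix before 'CEF:' is ignored.
    """
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker found")
    text, fields, cur, i = line[start:], [], [], 0
    while i < len(text) and len(fields) < 7:
        if text[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            if text[i] == "\\" and text[i + 1:i + 2] in ("\\", "|"):
                i += 1  # skip the escape, keep the escaped character
            cur.append(text[i])
        i += 1
    if len(fields) < 7:  # record ended without a trailing pipe
        fields.append("".join(cur))
    if len(fields) != 7:
        raise ValueError("expected 7 header fields, found %d" % len(fields))
    return fields, text[i:]

def check_record(line):
    """Return a list of problems; an empty list means the header is as required."""
    try:
        header, _ = split_cef_header(line)
    except ValueError as exc:
        return [str(exc)]
    problems = ["%s is %r, expected %r" % (name, got, want)
                for (name, want), got in zip(REQUIRED, header) if got != want]
    problems += ["%s is empty" % name for name, value in
                 zip(("eventClassId", "name", "severity"), header[4:]) if not value]
    return problems

# Constructed sample records (not real Akamai output).
SAMPLES = [
    "<14>host CEF:0|Akamai|akamai_siem|1.0|evt-1|Sample \\| event|5|src=192.0.2.10",
    "CEF:0|Akamai|Kona|1.0|evt-2|Sample event|5|src=192.0.2.11",  # wrong product
    "CEF:0|Akamai|akamai_siem|1.0|evt-3",                         # truncated
]
for sample in SAMPLES:
    print(check_record(sample))
```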

Example Query Language Searches

To search for Akamai App & API Protector events from the last 24 hours:

`FROM http WHERE sensor_type = 'Akamai App & API Protector' AND EARLIEST=-24h`

To search for http events associated with a specific URL:

`FROM http WHERE sensor_type = 'Akamai App & API Protector' AND uri_host = 'test.domain.com'`

To search for http events associated with a specific source IP address:

`FROM http WHERE sensor_type = 'Akamai App & API Protector' AND source_address = '11.22.33.44'`
