🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Akamai Enterprise Application Access (EAA) Integration Guide

integrations cloud akamai eaa


To integrate Akamai Enterprise Application Access (EAA) with Secureworks® Taegis™ XDR, you must follow Akamai’s guidance for implementing Akamai Unified Log Streamer (ULS). Akamai ULS is designed to simplify integrations with Extended Detection and Response (XDR) products, such as Taegis™ XDR. Once Akamai ULS has been implemented, you can configure Akamai ULS to send Akamai EAA events via syslog to a Taegis™ XDR Collector. Akamai EAA events are filtered and correlated in real-time for various security event observations.

Follow the instructions below to integrate and enable monitoring by Secureworks® Taegis™ XDR.

Connectivity Requirements

Source Destination Port/Protocol
Akamai ULS Taegis™ XDR Collector (mgmt IP) TCP/601

Data Provided from Integration

  Antivirus Auth DHCP DNS Email Encrypt File HTTP Management Netflow NIDS Process Thirdparty
Akamai Enterprise Application Access (EAA)   D           D          

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Akamai Requirements

The Taegis™ XDR integration with Akamai EAA requires Akamai’s Unified Log Streamer (ULS), which is available from Akamai. Follow Akamai’s documentation for implementing Akamai Unified Log Streamer (ULS).

Akamai Unified Log Streamer (ULS) Output Guidance

Upon implementing Akamai ULS, you must define a ULS OUTPUT to transmit Akamai EAA events to a Taegis™ XDR Collector via syslog. Use the following to define your parameters:

Akamai ULS Configuration Parameters

Shared ULS Environment Parameters

Input Parameters
Output Parameters

Unique EAA Access Environment Parameters

Input Parameters
Output Parameters

Unique EAA Admin Environment Parameters

Input Parameters
Output Parameters

Akamai EAA events are now logging to Taegis™ XDR via Akamai ULS.

Example Query Language Searches

To search for auth events from the last 24 hours:

`FROM auth WHERE sensor_type = 'Akamai EAA' and EARLIEST=-24h`

To search for http events from the last 24 hours:

`FROM http WHERE sensor_type = 'Akamai EAA' and EARLIEST=-24h`

 

On this page: