
...

The Akamai Event Viewer Collector is designed to retrieve and aggregate event data related to user activities and configuration changes from the Akamai platform. Leveraging Akamai's Event Viewer API, this collector enables seamless access to historical event logs, allowing organizations to centralize operational insights and track important system events. By integrating this data into external monitoring or analytics platforms, organizations can enhance their auditing capabilities, streamline troubleshooting, and maintain a comprehensive record of key actions performed within their infrastructure.

Devo collector features

| Feature | Details |
| --- | --- |
| Allow parallel downloading (multipod) | not allowed |
| Running environments | collector server, on-premise |
| Populated Devo events | table |
| Flattening preprocessing | no |

Data sources

| Data Source | Description | API Endpoint | Collector Service Name | Devo Table | Available from release |
| --- | --- | --- | --- | --- | --- |
| Event Viewer events | Retrieves user activity and system configuration events. Paginated data ensures efficient retrieval and access to historical logs. | /event-viewer-api/v1/events | event_viewer_events | cdn.akamai.eventviewer | v1.0.0 |

For more information on how the events are parsed, visit our page.

Flattening preprocessing

This collector does not implement flattening.

...

Info

This minimum configuration covers only the parameters specific to this integration. The generic behavior of the collector requires additional parameters. Check the settings sections for details.

| Setting | Details |
| --- | --- |
| access_token | The access token is required to authenticate requests to the Akamai SIEM API. |
| client_secret | The client secret is required for secure authentication alongside the access token. |
| client_token | The client token is necessary for identifying and authenticating API requests. |
| host | The host specifies the endpoint for the Akamai SIEM API, typically in the format {host}. |
| configs_id | The configuration ID identifies the specific set of logs or security events to retrieve. |

Info

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

| EdgeGridAuth | Details |
| --- | --- |
| access_token | The access token is required to authenticate requests to the Akamai SIEM API. |
| client_secret | The client secret is required for secure authentication alongside the access token. |
| client_token | The client token is necessary for identifying and authenticating API requests. |

Run the collector

Once the data source is configured, you can either send us the required information so that we host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).

...

Enable/disable the logging debug mode

Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.

  • To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.

  • To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.

For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.

Change log for v1.x.x

| Release | Released on | Release type | Details | Recommendations |
| --- | --- | --- | --- | --- |
| v1.0.0 | | NEW FEATURE | The Akamai Event Viewer Collector aggregates and streams security event data from Akamai's platform for monitoring and analysis. | Recommended version |