Akamai SIEM collector migration guide (2.x.x to 3.0.0)

Akamai SIEM Collector Migration Guide

For users upgrading to version 3.0.0, changes in the configuration files need to be applied to ensure compatibility. This section provides step-by-step instructions for a smooth migration process.

Preparing for Migration

  1. Backup Your Current Configuration: Ensure you have a backup of your existing configuration files before proceeding.

  2. Review the New Configuration Changes: Familiarize yourself with the changes introduced in version 3.0.0, particularly regarding the security_events section.

Migration

Changes in the security_events configuration:

The variable override_base_url has been renamed to host for better clarity. New variables were also introduced, and some have default values that can be overridden.

Before (Version <3.0.0):

    "security_events": {
        "override_base_url": "<host>",
        "logs_limit": "<logs_limit>",
        "configs_id": "<configs_id>",
        "decode_attack_data_rules": <bool>
    }

After (Version >=3.0.0):

    "security_events": {
        "host": "<host_value>",
        "configs_id": "<configs_id>",
        "override_decode_attack_data_rules": <"override_decode_attack_data_rules">,
        "override_base_tag": <"override_base_tag_value">,
        "override_logs_limit": <"override_logs_limit_value">
    }

Key Changes

  • override_base_url renamed to host.

  • Added override_base_tag for custom tag configuration.

  • logs_limit now defaults to 10000 but can be overridden with override_logs_limit.

  • decode_attack_data_rules defaults to False but can be overridden with override_decode_attack_data_rules.
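One way to apply the renames listed above to a backed-up configuration, as an added example (not part of the collector or its documentation). It assumes the configuration has already been loaded into Python dicts; the function names and the nesting around security_events in the sample are hypothetical.

```python
import copy

# Old -> new key names ("Key Changes" list) and the keys of the 3.0.0 "After" block.
RENAMES = {"override_base_url": "host",
           "logs_limit": "override_logs_limit",
           "decode_attack_data_rules": "override_decode_attack_data_rules"}
V3_KEYS = {"host", "configs_id", "override_decode_attack_data_rules",
           "override_base_tag", "override_logs_limit"}


def migrate_security_events(section):
    """Return (migrated_copy, warnings); values are carried over unchanged."""
    new, warnings = {}, []
    for key, value in section.items():
        target = RENAMES.get(key, key)
        if key in RENAMES and target in section:
            # Never overwrite a value already written in the new format.
            warnings.append(f"dropped {key!r}: {target!r} is already set")
            continue
        if target not in V3_KEYS:
            warnings.append(f"{key!r} is not a documented 3.0.0 key; kept as-is")
        new[target] = copy.deepcopy(value)
    return new, warnings


def migrate_config(node, warnings):
    """Rebuild node, migrating every mapping stored under "security_events"."""
    if isinstance(node, list):
        return [migrate_config(item, warnings) for item in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        if key == "security_events" and isinstance(value, dict):
            out[key], found = migrate_security_events(value)
            warnings.extend(found)
        else:
            out[key] = migrate_config(value, warnings)
    return out


# Constructed sample; the nesting around security_events is hypothetical.
SAMPLE_V2 = {"services": {"security_events": {
    "override_base_url": "host.example.invalid", "logs_limit": "5000",
    "configs_id": "1234", "decode_attack_data_rules": True}}}

if __name__ == "__main__":
    notes = []
    print(migrate_config(SAMPLE_V2, notes), notes)
```

The input is left untouched and a second run over the output changes nothing, so the result can be diffed against the backup before the 3.0.0 collector is started.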

Downgrading

Downgrading to a previous version is not compatible, due to changes in the persistence layer. Ensure you fully transition to the updated configuration format before upgrading.