/
Akamai SIEM collector
Document toolboxDocument toolbox

Akamai SIEM collector

Owned by Andrea Vazquez Varela, created
Last updated: Apr 04, 2025 by Virginia Camuñas Núñez
[ 1 Configuration requirements ] [ 2 Overview ] [ 3 2.x to 3.x migrating guide ] [ 4 Devo collector features ] [ 5 Data sources ] [ 6 Flattening preprocessing ] [ 7 Vendor setup ] [ 8 Minimum configuration required for basic pulling ] [ 9 Accepted authentication methods ] [ 10 Run the collector ] [ 11 Collector services detail ] [ 12 Collector operations ] [ 13 Change log ]

Configuration requirements

To run this collector, there are some configurations detailed below that you need to consider.

Configuration

Details

Configuration

Details

Access token

The access token is required to authenticate requests to the Akamai SIEM API.

Client secret

The client secret is required for secure authentication alongside the access token.

Client token

The client token is necessary for identifying and authenticating API requests.

Host

The host specifies the endpoint for the Akamai SIEM API.

Refer to the Vendor setup section to know more about these configurations.

Overview

The Akamai SIEM Collector is designed to retrieve and aggregate security event data from the Akamai platform. Using Akamai's SIEM Integration API, it enables seamless collection of security logs and events, allowing organizations to centralize this critical information in their SIEM systems. This ensures streamlined analysis and improved threat detection by providing real-time, actionable insights into security-related activities across their infrastructure.

2.x to 3.x migrating guide

If you are migrating from v2.x to v3.x, you can find a complete guide in this article.

Devo collector features

Feature

Details

Feature

Details

Allow parallel downloading (multipod)

  • not allowed

Running environments

  • collector server

  • on-premise

Populated Devo events

  • table

Flattening preprocessing

  • no

Data sources

This collector extracts data from the Akamai SIEM log service:

  • Akamai SIEM security events: Retrieves security event data using an offset to ensure seamless data collection, starting from the last message pulled.

Data Source

Description

API Endpoint

Collector Service Name

Devo Table

Available from release

Data Source

Description

API Endpoint

Collector Service Name

Devo Table

Available from release

Security events

Get security events from a determined offset. This offset specifies the last message pulled, for the first execution this value will be NULL and for successive requests will use the offset obtained in every response from the API.

/siem/v1/configs

security_events

cdn.akamai.siem

v1.0.0

For more information on how the events are parsed, visit our page

Flattening preprocessing

This collector does not implement flattening

Vendor setup

To configure the Akamai SIEM Collector Service, follow these steps:

  1. Access Akamai Control Center:

  2. Assign the Manage SIEM Role:

    • Navigate to the Identity and Access Management section.

    • Ensure that the Manage SIEM user role is assigned to your account.

    • For detailed instructions, refer to the Role-based access controls.

  3. Create Authentication Credentials:

    • In the API Credentials section, create new credentials.

    • Select the API service named SIEM and set the access level to READ-WRITE.

    • Generate and securely store the following credentials:

      • Client Token

      • Client Secret

      • Access Token

    • Detailed steps can be found in the Get started guide.

  4. Configure the SIEM API Endpoint:

    • Identify the appropriate hostname for the API endpoint.

    • Ensure Akamai’s connector is configured to communicate with this endpoint.

  5. Implement the EdgeGrid Authentication Scheme:

    • Ensure that Akamai’s connector supports the Akamai EdgeGrid authentication scheme.

    • Configure Akamai’s connector with the Client Token, Client Secret, and Access Token obtained earlier.

    • For implementation details, refer to the SIEM Integration API.

  6. Enable SIEM Integration:

    • In the Akamai Control Center, navigate to the SIEM Integration section of your security configuration.

    • Turn on SIEM Integration and enable data collection.

    • Refer to the SIEM Integration Guide for detailed instructions.

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting

Details

Setting

Details

access_token

The access token is required to authenticate requests to the Akamai SIEM API.

client_secret

The client secret is required for secure authentication alongside the access token.

client_token

The client token is necessary for identifying and authenticating API requests.

host

The host specifies the endpoint for the Akamai SIEM API, typically in the format {host}.

configs_id

The configuration ID identifies the specific set of logs or security events to retrieve.

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

EdgeGridAuth

Details

EdgeGridAuth

Details

access_token

The access token is required to authenticate requests to the Akamai SIEM API.

client_secret

The client secret is required for secure authentication alongside the access token.

client_token

The client token is necessary for identifying and authenticating API requests.

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Security events service

Collector operations

This section is intended to explain how to proceed with specific operations of this collector.

Change log

Release

Released on

Release type

Details

Recommendations

Release

Released on

Release type

Details

Recommendations

v3.0.0

Jan 10, 2025

BUG FIX
IMPROVEMENT

Improvements:

  • Separated Security Events and Event Viewer services.

  • Refactored code using templates.

  • Enhanced pull logic and persistence.

Bug fixes:

  • Refactored collector freezing under high load.

  • Upgraded DCSDK from 1.10.3 to 1.13.1.

Recommended version

 

v2.1.0

Feb 15, 2024

BUG FIX
IMPROVEMENT

Improvements:

  • Improved API limits to align with official documentation.

  • Upgraded DCSDK from 1.10.2 to 1.10.3.

Bug fixes:

  • Fixed API rate limits causing slowdowns.

Update

v2.0.0

Jan 18, 2024

IMPROVEMENT

Improvements:

  • Refactored source code.

  • Introduced new templates and enhanced logging

  • Upgraded DCSDK from 1.2.0 to 1.10.2.

Update