Realm.Security Documentation

Appearance

Akamai Security Events Integration

Configuring Akamai integration for Realm Security

Realm supports two methods to collect Akamai Security events:

  1. Using the SIEM CEF Connector
  2. Periodically polling the Akamai SIEM Integration API directly.

Either approach works well. Please use the approach that fits well within your network topology and deployment.

1. SIEM CEF Connector

Realm Security receives Akamai Security Events via the SIEM CEF Connector. ObjectsMenu

Prerequisites

  • Administrative access to the Akamai Control Center
  • SIEM Integration turned on for your Akamai instance. Read more in the Akamai SIEM Integration Documentation
    • Take note of the desired Configuration IDs you want data from

Realm Console

  1. Create a new Akamai ASEC CEF Source.
  2. Either create a new collector, or use an existing one.
  3. Create a new Stream to that collector using the Akamai CEF product format and select Octet Counting for the Framing.
  4. Follow the Realm Collector install guide to set up and install the collector.
    • Take note of the FQDN or IP address of the collector instance, as well as the port.

Akamai Control Center: Configure Akamai SIEM CEF log forwarding

You can see more options on how to configure logging in the Akamai SIEM CEF Connector logging docs.

  1. Set CEFHost to the IP or FQDN of the Collector installation configured previously.
  2. Set CEFPort to the correct port of the Realm Collector Syslog Stream.
  3. Set CEFProtocol to TCP.
  4. Install the CEF connector on the desired server following the Akamai documentation to Install the CEF connector.

2. Akamai SIEM Integration API

Realm Security collects Security Events via the Akamai SIEM Integration API. ObjectsMenu

Prerequisites

  • An Akamai Client Token, Client Secret, and Access Token for authenticating to the Akamai SIEM Integration API. Instructions for setting up an API client can be seen in the Akamai Edgegrid Documentation
  • SIEM Integration turned on for your Akamai instance. Read more in the Akamai SIEM Integration Documentation
    • Take note of the desired Configuration IDs you want data from
  • Take note of the Hostname of your Akamai instance

Realm Console

  1. Create a new Akamai ASEC source.
  2. Create an input feed on the source with the Akamai ASEC transport method and fill in the Host, Client Token, Client Secret, Access Token, Configuration IDs, and Limit.