icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Akamai SIEM Integration
SHA256 checksum (akamai-siem-integration_1420.tgz) 6b385083e58e034ca4f80b92d964596fb14a4dbba53852b329c49b120d8abaaa SHA256 checksum (akamai-siem-integration_1419.tgz) f2b84470aff88a38121ff3e7963ff749241592cd6eba9d6aa0b84d40a03b1d83 SHA256 checksum (akamai-siem-integration_1418.tgz) 7ff674bdf415f70bcdd5586844a8da68c114fdf95da8b02ae4c424ed37e9ecc5 SHA256 checksum (akamai-siem-integration_1417.tgz) 315ba5f5036bcc4e8f9700601e477785e12d89e6e7260915283f1bd47daa7133
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Akamai SIEM Integration

Splunk Cloud
Overview
Details
It’s common for companies with mature security organizations to have a Security Operations Center (SOC) that leverages security information and event management (SIEM) tools. SIEM provides a centralized view for security teams to easily access and analyze security information from a large number of sources, and prioritize mitigation efforts based on risk profiles.

SIEM Integration is a comprehensive solution for capture, retention, and delivery of security information and events in real-time to SIEM applications. Customers using Kona Site Defender, Client Reputation, Web Application, or Bot Manager (BETA) can analyze security events generated on the Akamai platform and correlate them with security events generated from other sources.

System Requirements

Akamai’s Splunk Connector requires Oracle JRE 1.8+. Download the latest from the Oracle Java site (Java Platform, Standard Edition) or install it from a software distribution package on Linux.

You must have Java installed on the host running Splunk Enterprise https://java.com/en/download/

Also, check to make sure that splunk forwarder is NOT installed on your Splunk Enterprise host machine.

Proxy server

To access the SIEM API from behind a proxy server, ensure that your proxy:

whitelists the domains *.cloudsecurity.akamaiapis.net and *.luna.akamaiapis.net
does not interfere with HTTP request headers for those domains. If, due to a strict enterprise security policy, your proxy does change these headers, make sure that at a minimum you allow and don't change the Host and Authorization headers.
Hardware Requirements

This application is has been tested with the following operating systems:

CentOS 7
Windows Server 2012 R2
Mac OS X El Capitan Version 10.11.6
Some additional hardware requirements:

4 CPU cores
16 GB RAM
2GB Free Disk Space

Detailed Documentation: https://techdocs.akamai.com/siem-integration/docs/siem-splunk-connector

Installation Instructions: https://techdocs.akamai.com/siem-integration/docs/siem-splunk-connector#install-the-splunk-connector

Splunk Cloud install instructions
Option 1(Victoria & Classic):

  • Install Akamai add-on on an on-prem Heavy forwarder.
  • Configure the heavy forwarder to forward events to your Splunk Cloud.

Option 2(Victoria):

  • Install Akamai add-on on all of your Splunk Cloud indexers.
  • You may install Akamai add-on on your search heads but make sure only on one search head data input is enabled.
  • You need to have Java 8 (JRE 1.8) or above installed(& added to your PATH) in your search head that you have data input enabled.
  • Please make sure when you create/edit the AKAMAI SIEM API data input that you use akamaisiem as the sourcetype, as this is how the props.conf has been configured.

Release Notes

Version 1.4.20
Jan. 5, 2024

Changes include: Fix json indexing for aggregated queries.

Version 1.4.19
June 13, 2023

Changes include: Add 2 new optional fields (username & originUserId) for UserRiskData.

Version 1.4.18
May 17, 2023

Version 1.4.18
Changes include: Make splunk server cert validation optional.

Version 1.4.17
Dec. 20, 2022

Version 1.4.17
Changes include: Upgrade splunk-java-sdk to latest v1.9.3.


Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk LLC in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.