Slide 1

© AKAMAI - EDGE 2017

Connecting your SIEM tool with Akamai security events

Slide 2

Agenda
• Introduction
• The SIEM Integration Product
• Integration Steps
• Demo of Data Analysis
• More about SIEM Integration
• Q&A

Slide 3

Introduction

Security Information and Event Management: “Real-time analysis of security alerts generated by network hardware and applications.”
• Data Aggregation
• Correlation
• Alerting
• Dashboards
• Compliance
• Retention
• Forensic Analysis

Slide 4

Benefits of using a SIEM product
• Streamline reporting
  • Easier to produce reports
  • Built-in compliance reporting in some SIEM products
• Detect incidents that would otherwise not be detected
  • Correlate events across systems
  • Initiate prevention
• Improve the efficiency of incident handling activities
  • Faster response reduces damage

Slide 5

Akamai Solutions

Cloud Monitor for Security Events
• Push Model
• Custom integration with SIEM required, done by customer
• Configured using Property Manager
• WAF Events only

SIEM Integration
• Pull Model
• Sample Connectors available for Splunk, CEF (HPE ArcSight and others) and (soon) QRadar; custom connectors can be built using the SIEM OPEN API
• Configured in Security Configuration and Luna Administration
• KSD, Client Reputation, WAP, Bot Manager (soon)

Slide 6

Data Freshness and Retention

Delay from when event happens to when published:
• Security Monitor and Security Center: 2 minutes
• Cloud Monitor for Security Events: < 1 minute
• SIEM Integration: < 7 minutes (but usually less)

How long data is retained:
• Security Monitor: 3 days
• Security Center: 14 days (report details), 90 days (report summaries)
• Cloud Monitor for Security Events: N/A
• SIEM Integration: 12 hours via SIEM API; in SIEM tool: as long as you want

Slide 7

How SIEM Integration Works

[Diagram: Edge Servers feed a Collector, which exposes the SIEM OPEN API endpoint; a Connector acting as OPEN API Client pulls events from it into the SIEM Product]

Slide 8

Integration Steps
• Step 1: Turn on SIEM Integration in the Security Configuration
• Step 2: Create a user to own the SIEM OPEN API Client
• Step 3: Create a SIEM OPEN API Client and get the credentials
• Step 4: Install a connector to insert events into your SIEM tool

Slide 9

Integration Steps

Step 1: Turn on SIEM Integration in the Security Configuration. Activate it on the production network.

Slide 10

Integration Steps

Step 2: Create a user with the Manage SIEM role.

Slide 11

Integration Steps

Step 3: Provision the SIEM OPEN API Client…

Slide 12

Integration Steps

Step 3 (continued): …and get the API credentials.

Slide 13

Integration Steps

Step 4: Download the Connector from developer.akamai.com/tools

Slide 14

Integration Steps

Step 4 (continued): Install the Connector.

Slide 15

Integration Steps

Step 4 (continued): Configure the Connector.
• Hostname, Client Token and Client Secret are the OPEN API credentials.
• Epoch Times can be used to re-fetch data.

Slide 16

Integration Steps

Not working?
• Check the log file (e.g. ta_akamai_siem_akamai_siem_api.log) for errors.

Most Common Issue? Outbound Firewall Requirements
• Must support whitelisting domains: *.cloudsecurity.akamaiapis.net, *.edgekey.net, *.akamaiedge.net, *.akamaitechnologies.com
• Must not modify HTTP Request Headers for the OPEN API requests

Slide 17

Other Useful Information

CEF Connector
• Runs as a batch program
• Sends data to syslog in CEF format

Custom Connector
• Use the SIEM Integration API to write your own custom connector
• Source code for the Splunk and CEF connectors will be available as samples
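As an added example (not the Akamai CEF connector's own code), this Python sketch shows the two things a custom connector of the kind described above has to get right: turning one pulled event into a single CEF syslog line with the header and extension escaping CEF requires, and clamping an Epoch Times re-fetch to the 12-hour window the SIEM API retains. The event dictionary and its field names are constructed for illustration, not the real SIEM API payload.

```python
"""Map a pulled Akamai security event to CEF and bound re-fetch windows."""

CEF_VERSION = 0


def _esc_header(value):
    # CEF header fields: backslash and pipe must be escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value):
    # CEF extension values: backslash, '=' and line breaks must be escaped.
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event):
    """Render one (constructed) WAF event as a CEF line for syslog.

    Severity mapping (deny=8, anything else=5) is a choice made here,
    not a vendor definition.
    """
    severity = 8 if event["action"] == "deny" else 5
    header = "|".join(_esc_header(v) for v in (
        "Akamai", "WAF", "1.0", event["ruleId"], event["ruleMessage"], severity))
    ext = {
        "src": event["clientIp"],
        "dhost": event["host"],
        "request": event["path"],
        "act": event["action"],
        "requestId": event["requestId"],        # pivot key back to the edge request
        "rt": str(event["epochTime"] * 1000),   # CEF 'rt' is epoch milliseconds
    }
    ext_str = " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())
    return f"CEF:{CEF_VERSION}|{header}|{ext_str}"


def refetch_window(start_epoch, now_epoch, retention_seconds=12 * 3600):
    """Clamp a re-fetch start time to what the SIEM API still holds (12 h per the slides)."""
    oldest = now_epoch - retention_seconds
    return max(start_epoch, oldest), now_epoch


SAMPLE_EVENT = {  # constructed sample; field names are assumptions
    "clientIp": "203.0.113.7", "host": "www.example.com",
    "path": "/search?q=a=b", "action": "deny",
    "ruleId": "950001", "ruleMessage": "SQL Injection Attack|Generic",
    "requestId": "1a2b3c4d", "epochTime": 1500000000,
}

if __name__ == "__main__":
    print(to_cef(SAMPLE_EVENT))
```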

Slide 18

Demo

ELK stack (Elastic, Logstash, Kibana)
• Custom Elastic SIEM connector
• Details of available data
• Data Analysis
• Use of RequestID

Slide 19

Services and Support

A services package is available to assist you with setup, understanding the data, and how to integrate it into your environment.

Sample Connector source will be available on the developer.akamai.com site.

Slide 20

Questions?
