Akamai APIs API Documentation

SIEM Integration API

Number of APIs: 1

Use the Security Information and Event Management (SIEM) API to collect security event data from the Akamai platform and integrate it with other data sources within your SIEM solution. This API is compatible with events from Akamai products including API Protector, Kona Site Defender, Client Reputation, Web Application Protector, Bot Manager, and Account Protector.

You can capture security event data incrementally, or replay missed security events from the past 12 hours. You can store, query, and analyze the data delivered through this API on your end, then go back and adjust your Akamai security settings.

Authentication

Create an authentication credential that contains the client token and client secret required to authenticate Akamai API requests.

Navigate to the Identity and Access Management section of Akamai Control Center and click Create API Client.

Note: If you don't have access to the Identity and Access Management tool, contact your local Akamai Control Center admin or your Akamai account team for assistance.

Click Quick and then Download in the Credentials section.

Note: If you need to refine access levels or permissions, see Create a client with custom permissions.

Open the downloaded file with a text editor and add [default] as a header above all text.

  [default]
  client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
  host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
  access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
  client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj

Fork the [Akamai Authentication] environment, populate the variables, and [set it for your workspace]

Dependencies

To enable this API, choose the API service named SIEM, and set the access level to READ-WRITE.
Ensure that the Manage SIEM user role is assigned to your account in Control Center. Follow the instructions in the guide.

Integration methods

You can use this API collection in these integration methods: - API

1. Events - Fetch security events

GET https://{{host}}/siem/v1/configs/:configId

Get security events data from your security configurations using one of two modes: offset or time-based. Each mode orders event logs based on the logs' storage time in the database, not the time when the events actually occurred. This may result in delayed event logs in subsequent offset requests, or older event logs in time-based requests. While both methods have a 5-second latency, using offset allows subsequent calls to return logs for the 5 seconds omitted from the previous request. The time-based method omits logs from that 5 seconds of latency, so you may miss some logs from that period.

If the connection is disrupted, use time-based mode to replay security events that occurred in the last 12 hours up to 5 seconds before your requested time range. Use offset and limit parameters in offset mode. Use from, to, and limit parameters in time-based mode. The potentially large response contains a series of JSON objects, each separated with a line break and each corresponding to a security event. The last line of the response is an offset context object that provides total records fetched, an offset to use a starting point for the next batch of data, and any limit you specified. Run this operation continuously as long as it returns new logs to ensure you don't miss any. The API may return a maximum of 600,000 logs per request, while your configurations might generate many more in periods of high traffic.