Akamai events integration

[26ayush...@gmail.com]

Hello,

Could you please help me to integrate Akamai events into Wazuh. I'm unable to find a good documentation for it.

Below is an article which I found on Akamai site but not if this works for Wazuh as well.

https://developer.akamai.com/tools/integrations/siem

If you could provide a more clear steps it will be really great.

Thanks!

Best Regards,

Ayush Agarwal

[Jesus Linares]

Hi Ayush,

According to the Akamai documentation, this is the event flow:

1. Security events generated in Akamai
2. Akamai security events collector + API
3. Connector
4. Your SIEM

It looks like you need a connector that will use Akamai’s SIEM API to retrieve security events in JSON format from the Akamai Security Events Collector. The connector converts the format (it will not be necessary since Wazuh decoded JSON automatically) and sends security events to Wazuh.

In their documentation, there are several examples of connectors but Wazuh is not there. You must code your own connector. The steps would be:

1. Decide where you want to run the collector: in a Wazuh agent or in the Wazuh manager.
2. Create a script to pull the data every X minutes using the API. I think you should use this call: GET /siem/v1/configs/{configId}{?offset,limit,from,to}.
3. The script can send the data to:
   1. A file: Then, you can read this file with Wazuh.
   2. analsysd daemon (if you decide to run the module in the manager).
   3. agentd daemon (if you decide to run the module in the agent).
4. Finally, since the events are in JSON, they would be decoded automatically. So, you only will need to create the rules.
5. Create dashboards if necessary.

I hope it helps.

[Daniel D'Angeli]

Hi,

we've deloped a custom wodle to fetch the events produced by Akamai and ingest them into Wazuh. You may find it useful: https://github.com/SyncSecurityHQ/wazuh_akamai_integration

Regards,

Daniel D.