Wazuh and Akamai SIEM Integration

50 views

Skip to first unread message

Daniel D'Angeli

unread,

Jan 30, 2025, 3:52:59 AM1/30/25

to Wazuh | Mailing List

Hi,

i am planning to integrate Wazuh with Akamai using their SIEM Integration API. I was wondering if it was possible to code an integration script like the ones dedicated to azure, aws and so on.

Looking at the documentation i dont see anything related to custom integrations.

Any tips?

Regards,

Daniel D.

hasitha.u...@wazuh.com

unread,

Jan 30, 2025, 5:59:20 AM1/30/25

to Wazuh | Mailing List

Hi Daniel,

According to the Akamai documentation, this is the event flow:

Security events generated in Akamai
Akamai security events collector + API
Connector
Your SIEM

It looks like you need a connector that will use Akamai’s SIEM API to retrieve security events in JSON format from the Akamai Security Events Collector. The connector converts the format (it will not be necessary since Wazuh decoded JSON automatically) and sends security events to Wazuh.

https://techdocs.akamai.com/siem-integration/docs/akamai-siem-integration-for-splunk-and-cef-syslog

https://techdocs.akamai.com/siem-integration/reference/api

Decide where you want to run the collector: in a Wazuh agent or in the Wazuh manager.

https://documentation.wazuh.com/current/installation-guide/wazuh-agent/index.html

Create a script to pull the data every X minutes using the API.

The script can send the data to:

A file: Then, you can read this file with Wazuh.

https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/index.html

Finally, since the events are in JSON, they would be decoded automatically. So, you only will need to create the rules.

https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/rules.html

https://documentation.wazuh.com/current/user-manual/ruleset/rules/custom.html#custom-rules

https://wazuh.com/blog/creating-decoders-and-rules-from-scratch/