Akamai Kona REST API protocol configuration options

To receive events from your Akamai Kona Platform, configure a log source to use the Akamai Kona REST API protocol.

The Akamai Kona REST API protocol is an outbound/active protocol that queries the Akamai Kona Platform and sends events to the QRadar Console.

The following table describes the parameters that require specific values for Akamai KONA DSM event collection.
Table 1. Akamai KONA DSM log source parameters
Parameter Value
Log Source Type

Akamai KONA

Protocol Configuration

Akamai Kona REST API

Log Source Identifier

Type a unique name for the log source.

The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured Akamai KONA DSM log source, ensure that you give each one a unique name.

Host

The Host value is provided during the SIEM OPEN API provisioning in the Akamai Luna Control Center. The Host is a unique base URL that contains information about the appropriate rights to query the security events. This parameter is a password field because part of the value contains secret client information.

Client Token

Client Token is one of the two security parameters. This token is paired with Client Secret to make the client credentials. This token can be found after you provision the Akamai SIEM OPEN API.

Client Secret

Client Secret is one of the two security parameters. This secret is paired with Client Token to make the client credentials. This secret can be found after you provision the Akamai SIEM OPEN API.

Access Token

Access Token is a security parameter that is used with client credentials to authorize API client access for retrieving the security events. This token can be found after you provision the Akamai SIEM OPEN API.

Security Configuration ID

Security Configuration ID is the ID for each security configuration that you want to retrieve security events for. This ID can be found in the SIEM Integration section of your Akamai Luna portal. You can specify multiple configuration IDs in a comma-separated list. For example, configID1,configID2.

Use Proxy

If QRadar accesses the Amazon Web Service by using a proxy, enable Use Proxy.

If the proxy requires authentication, configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields.

If the proxy does not require authentication, configure the Proxy IP or Hostname field.

Automatically Acquire Server Certificate

Select Yes for QRadar to automatically download the server certificate and begin trusting the target server.

Recurrence

The time interval between log source queries to the Akamai SIEM API for new events. The time interval can be in hours (H), minutes (M), or days (D). The default is 1 minute.

EPS Throttle

The maximum number of events per second that QRadar ingests.

If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle.

The default is 5000.
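
A pre-flight check for the parameters in this table, run before several Akamai KONA log sources are created. This is an added example, not part of the original page and not IBM or Akamai code. The dictionary keys, the <number><unit> Recurrence syntax (for example 5M) and all sample values are assumptions made for the illustration.

```python
import re

# Fields the page treats as secret: Host is a password field, the three tokens are credentials.
SECRET_FIELDS = ("host", "client_token", "client_secret", "access_token")
UNIT_SECONDS = {"H": 3600, "M": 60, "D": 86400}

def recurrence_seconds(value="1M"):
    """Convert a Recurrence such as 15M, 2H or 1D to seconds (assumed <number><unit> syntax)."""
    m = re.fullmatch(r"([1-9]\d*)([HMD])", value.strip().upper())
    if not m:
        raise ValueError(f"bad Recurrence {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def parse_config_ids(value):
    """Split the comma-separated Security Configuration ID list; reject blank entries."""
    ids = [part.strip() for part in value.split(",")]
    if not all(ids):
        raise ValueError(f"blank entry in Security Configuration ID list {value!r}")
    return ids

def check_log_sources(sources):
    """Return a list of problems across all planned Akamai KONA log sources."""
    problems, seen = [], set()
    for src in sources:
        name = src.get("identifier") or "<blank>"
        if name == "<blank>" or name in seen:
            problems.append(f"{name}: Log Source Identifier missing or not unique")
        seen.add(name)
        problems += [f"{name}: {f} is empty" for f in SECRET_FIELDS if not src.get(f)]
        for check, key, default in ((parse_config_ids, "config_ids", ""),
                                    (recurrence_seconds, "recurrence", "1M")):
            try:
                check(src.get(key, default))
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
    return problems

def redacted(src):
    """Copy of a log source definition that is safe to paste into a ticket or a log."""
    return {k: ("***" if k in SECRET_FIELDS and v else v) for k, v in src.items()}

# Constructed sample definitions; every value is a placeholder.
GOOD = dict(identifier="akamai-kona-prod", host="HOST-PLACEHOLDER", client_token="ct",
            client_secret="cs", access_token="at", config_ids="configID1,configID2",
            recurrence="5M")
BAD = dict(GOOD, client_secret="", config_ids="configID1,,configID3", recurrence="90S")
SAMPLE = [GOOD, BAD]

if __name__ == "__main__":
    print("\n".join(check_log_sources(SAMPLE)), redacted(GOOD), sep="\n")
```

The second sample entry reuses the first entry's identifier, leaves Client Secret empty, has a blank entry in the configuration ID list and uses a unit other than H, M or D, so the check reports four problems for it.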