Configure an Akamai Kona log source by using the Akamai Kona REST API protocol
Collect events from Akamai Kona in QRadar® by using the Akamai Kona REST API protocol.
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar:
  - Protocol Common RPM
  - Akamai Kona REST API RPM
  - DSMCommon RPM
  - Akamai KONA DSM RPM
- Configure Akamai Kona to send Security events to QRadar by using the Akamai Kona REST API protocol.
- Configure Akamai Kona to communicate with QRadar.
  Note: The Akamai KONA DSM supports only JSON formatted events. Akamai's sample CEF and Syslog connector does not work with the Akamai KONA DSM.
- Add a log source in QRadar. The following table describes the log source parameters that require specific values for Akamai KONA DSM event collection:
Table 1. Akamai KONA DSM log source parameters

| Parameter | Value |
| --- | --- |
| Log Source Type | Akamai KONA |
| Protocol Configuration | Akamai Kona REST API |
| Host | Provided during the SIEM OPEN API provisioning in the Akamai Luna Control Center. The Host is a unique base URL that contains information about the appropriate rights to query the security events. This parameter is a password field because part of the value contains secret information. |
| Client Token | One of the two security parameters. This token is paired with Client Secret to make the client credentials. This token can be found after you provision the Akamai SIEM OPEN API. |
| Client Secret | One of the two security parameters. This secret is paired with Client Token to make the client credentials. This token can be found after you provision the Akamai SIEM OPEN API. |
| Access Token | Security parameter that is used with client credentials to authorize API client access for retrieving the security events. This token can be found after you provision the Akamai SIEM OPEN API. |
| Security Configuration ID | ID for each security configuration that you want to retrieve security events for. This ID can be found in the SIEM Integration section of your Akamai Luna portal. You can specify multiple configuration IDs in a comma-separated list. For example: configID1,configID2. |
| Use Proxy | If QRadar accesses Akamai Kona by using a proxy, enable Use Proxy. If the proxy requires authentication, configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, configure the Proxy Server and Proxy Port fields. |
| Automatically Acquire Server Certificate | Select Yes for QRadar to automatically download the server certificate and begin trusting the target server. |
| Recurrence | The time interval between log source queries to the Akamai SIEM API for new events. The time interval can be in hours (H), minutes (M), or days (D). The default is 1 minute. |
| EPS Throttle | The maximum number of events per second. The default is 5000. |
For more information about this protocol, see Akamai Kona REST API protocol configuration options.
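
The following added example (not IBM or Akamai code) shows how the Client Token, Client Secret, and Access Token from the table combine on each API request under Akamai's EdgeGrid (EG1-HMAC-SHA256) request signing. The host, credential values, timestamp, nonce, and request path and query are constructed placeholders; how QRadar performs the signing internally is not described on this page.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def b64_hmac(key: str, data: str) -> str:
    """Base64-encoded HMAC-SHA256 of data under key."""
    mac = hmac.new(key.encode(), data.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def edgegrid_auth_header(url, client_token, client_secret, access_token,
                         timestamp, nonce, method="GET"):
    """Build the EG1-HMAC-SHA256 Authorization header for a request without a body."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    # Both tokens travel in the header in clear text; the secret never does.
    unsigned = (f"EG1-HMAC-SHA256 client_token={client_token};"
                f"access_token={access_token};"
                f"timestamp={timestamp};nonce={nonce};")
    # A per-request signing key is derived from the Client Secret and the timestamp.
    signing_key = b64_hmac(client_secret, timestamp)
    # Signed fields, tab-separated: method, scheme, host, path and query,
    # signed headers (none here), body hash (empty for GET), unsigned header.
    to_sign = "\t".join([method.upper(), parts.scheme, parts.netloc,
                         path, "", "", unsigned])
    return unsigned + "signature=" + b64_hmac(signing_key, to_sign)


# Constructed sample values, not real credentials or a real Akamai host.
SAMPLE = {
    "url": "https://akab-constructed-host.example/siem/v1/configs/configID1?limit=10",
    "client_token": "akab-constructed-client-token",
    "client_secret": "constructed-client-secret",
    "access_token": "akab-constructed-access-token",
    "timestamp": "20240101T00:00:00+0000",
    "nonce": "00000000-0000-4000-8000-000000000000",
}

if __name__ == "__main__":
    print(edgegrid_auth_header(**SAMPLE))
```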