Akamai Kona

Use the IBM Security QRadar Custom Properties for Akamai Kona Content Extension to closely monitor your Akamai Kona deployment.

IBM Security QRadar Custom Properties for Akamai Kona Content Extension 1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Akamai Kona Content Extension 1.0.0.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Akamai Kona Content Extension 1.0.0
Name Optimized Capture Group Expression
Action Yes 1 /"attackData"/"ruleActions"
Bytes No 1 /"httpMessage"/"bytes"
Content Type No 1 Content-Type:\s(.*?)\\
Hostname Yes 1 Server:\s(.*?)\\
Method No 1 /"httpMessage"/"method"
Referer URL Yes 1 Referer:\s(.*?)\\
Region Yes 1 country":"(.*?)"
Response Code No 1 /"httpMessage"/"status"
Rule Details Yes 1 /"attackData"/"ruleData"
Rule ID Yes 1 /"attackData"/"policyId"
Rule Name Yes 1 /"attackData"/"rules"
URL Path No 1 /"httpMessage"/"path"
URL Query String No 1 /"httpMessage"/"query"
UrlHost Yes 1 /"httpMessage"/"host"
User Agent No 1 User-Agent:\s(.*?)\\