Akamai Kona sample event messages

Use these sample event messages to verify a successful integration with QRadar.

The following table provides sample event messages when you use the Akamai Kona REST API protocol for the Akamai KONA DSM:
Note: Each event might contain multiple Event IDs and Names.
Table 1. Akamai KONA sample message supported by Akamai Kona REST API.
Event name: The application is not available - Deny Rule
Low-level category: Warning
Sample log message:
{"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"<Config Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0","rules":"970901","ruleVersions":"1","ruleMessages":"Application is not Available (HTTP 5XX)","ruleTags":"AKAMAI/BOT/UNKNOWN_BOT","ruleData":"Vector Score: 4, DENY threshold: 2, Alert Rules: 3990001:970901, Deny Rule: , Last Matched Message: Application is not Available (HTTP 5XX)","ruleSelectors":"","ruleActions":"monitor"},"httpMessage":{"requestId":"<Request Id>","start":"1517337032","protocol":"HTTP/1.1","method":"GET","host":"siem-sample.csi.edgesuite.net","port":"80","path":"path","requestHeaders":"User-Agent: curl/7.35.0Host: siem-sample.csi.edgesuite.netAccept: */*edge_maprule: ksd","status":"403","bytes":"298","responseHeaders":"Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent":"<Continent>","country":"<Country>","city":"<City>","regionCode":"<Region Code>","asn":"<asn>"}}

Event name: Anomaly Score Exceeded for Outbound
Low-level category: Suspicious Activity
Sample log message:
{"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"<Config Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0","rules":"OUTBOUND-ANOMALY","ruleVersions":"4","ruleMessages":"Anomaly Score Exceeded for Outbound","ruleTags":"AKAMAI/POLICY/OUTBOUND_ANOMALY","ruleData":"curl_85D6E381D300243323148F63983BD735","ruleSelectors":"","ruleActions":"alert"},"httpMessage":{"requestId":"<Request Id>","start":"1517337032","protocol":"HTTP/1.1","method":"GET","host":"siem-sample.csi.edgesuite.net","port":"80","path":"path","requestHeaders":"User-Agent: curl/7.35.0Host: siem-sample.csi.edgesuite.netAccept: */*edge_maprule: ksd","status":"403","bytes":"298","responseHeaders":"Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent":"<Continent>","country":"<Country>","city":"<City>","regionCode":"<Region Code>","asn":"<asn>"}}