Configure an Akamai Kona data source by using the Akamai Kona REST API connector

Collect events from Akamai Kona in the QRadar® product by using the Akamai Kona REST API protocol.

Collect events from Akamai Kona REST API:
  1. Configure Akamai Kona to send Security events to the QRadar product by using the Akamai Kona REST API connector.
  2. Configure Akamai Kona to communicate with the QRadar product.
    Note: The Akamai KONA data source type supports only JSON formatted events. Akamai's sample CEF and Syslog connector does not work with the Akamai KONA data source type.
  3. Add a data source in the QRadar product.
    The following table describes the parameters that require specific values for Akamai KONA data source type event collection:
    Table 1. Akamai KONA data source type parameters
    | Parameter | Value |
    | --- | --- |
    | Data source type | Akamai KONA |
    | Connector type | Akamai Kona REST API |
    | Host | Provided during the SIEM OPEN API provisioning in the Akamai Luna Control Center. The Host is a unique base URL that contains information about the appropriate rights to query the security events. This parameter is a password field because part of the value contains secret information. |
    | Client Token | One of the two security parameters. This token is paired with Client Secret to make the client credentials. This token can be found after you provision the Akamai SIEM OPEN API. |
    | Client Secret | One of the two security parameters. This secret is paired with Client Token to make the client credentials. This token can be found after you provision the Akamai SIEM OPEN API. |
    | Access Token | Security parameter that is used with client credentials to authorize API client access for retrieving the security events. This token can be found after you provision the Akamai SIEM OPEN API. |
    | Security Configuration ID | ID for each security configuration that you want to retrieve security events for. This ID can be found in the SIEM Integration section of your Akamai Luna portal. You can specify multiple configuration IDs in a comma-separated list. For example: configID1,configID2. |
    | Use Proxy | If the QRadar product accesses Akamai Kona by using a proxy, enable Use Proxy. If the proxy requires authentication, configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields. If the proxy does not require authentication, configure the Proxy Server and Proxy Port fields. |
    | Automatically Acquire Server Certificate | Select Yes for the QRadar product to automatically download the server certificate and begin trusting the target server. |
    | Recurrence | The time interval between data source queries to the Akamai SIEM API for new events. The time interval can be in hours (H), minutes (M), or days (D). The default is 1 minute. |
    | EPS Throttle | The maximum number of events per second. The default is 5000. |

    For a complete list of Akamai Kona REST API connector parameters and their values, see Amazon Web Services connector configuration options.

For more information about adding a data source in the QRadar product, see Adding ingestion data sources.
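
A pre-flight check for the values described in Table 1 and for the JSON-only note in step 2, as an added example that is not IBM or Akamai code. The dictionary key names are hypothetical, the sample lines are constructed, and the Recurrence syntax (a whole number followed by H, M or D) is an assumption.

```python
import json
import re

# Key names below (use_proxy, proxy_requires_auth, ...) are hypothetical, not QRadar field IDs.
# Assumption: Recurrence is a whole number followed by H, M or D, for example "1M".
RECURRENCE_RE = re.compile(r"^(\d+)([HMD])$")
UNIT_SECONDS = {"H": 3600, "M": 60, "D": 86400}


def parse_config_ids(value):
    """Split the comma-separated Security Configuration ID list, rejecting empty items."""
    ids = [item.strip() for item in value.split(",")]
    if any(not item for item in ids):
        raise ValueError("empty entry in Security Configuration ID list")
    return ids


def recurrence_seconds(value):
    """Convert a Recurrence value to seconds."""
    match = RECURRENCE_RE.match(value.strip().upper())
    if not match or int(match.group(1)) == 0:
        raise ValueError("Recurrence must be a positive number followed by H, M or D")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def missing_proxy_fields(cfg):
    """Return the proxy fields still empty for the selected proxy mode."""
    if not cfg.get("use_proxy"):
        return []
    required = ["proxy_server", "proxy_port"]
    if cfg.get("proxy_requires_auth"):
        required += ["proxy_username", "proxy_password"]
    return [name for name in required if not cfg.get(name)]


def event_format(line):
    """Classify one connector output line; the data source type accepts only 'json'."""
    text = line.strip()
    try:
        if isinstance(json.loads(text), dict):
            return "json"
    except ValueError:
        pass
    # A CEF header can follow a syslog prefix, so search rather than match at offset 0.
    return "cef" if re.search(r"\bCEF:\d+\|", text) else "other"


if __name__ == "__main__":
    # Constructed sample lines, not real Akamai output.
    for sample in ['{"constructed": true}', "CEF:0|v|p|1|1|n|5|", "<134>host msg"]:
        print(event_format(sample), "<-", sample)
```

Anything other than `json` from `event_format` means the connector output is in a format the Akamai KONA data source type does not parse.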