...
| Table of Contents |
|---|
Overview
We are providing you with the steps to integrate your Akamai with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ).
Steps Of Configuration
Step 1. Navigate to Provisioning by clicking on the Provisioning tab located in the top menu bar of the application.
...
Step 2. Drop down Add on devices by clicking on the downward-facing arrow next to the 'Add on devices' option in the menu.
...
Pre-requisite
Akamai SIEM setting Configuration: https://techdocs.akamai.com/siem-integration/docs/akamai-siem-integration-for-splunk-and-cef-syslog
Create Authorization Creds: https://techdocs.akamai.com/developer/docs/set-up-authentication-credentials
...
To add the Akamai support, follow the steps that are mentioned below.
Device: Select the name of the device 'Akamai' in this section.
Name: We can take anything here according to our interest (mini. 3 character).
CCE Host: Enter the CCE IP
Access ID/Username: Enter Client Token
Password/Secret Key: Enter Client Secret
Config: Now in valid JSON Format in the last field enter your Host in host (without https://), Access token in access_token and security configuration ID in config_id.
{"host": "<host>", "access_token": "<access_token>" ,"config_id": "<config _d>id>"}
Click on the Save button.
Verification
STEP 1:Log in to UI >> SYSTEM
...
STEP 2: >> Logs and flows collection status
...
STEP 3: >>To verify the source device IP from the UI:
Log in to the user interface
Navigate to the "SYSTEM" section
Look for the "SOURCE DEVICE IP"
Check the IP address that is displayed
Compare the IP address displayed against the expected source device IP
This will allow you to ensure that the system is properly identifying the source device IP and that it matches the expected IP address..
...