Overview
This pack enables using a Web Application Firewall (WAF), a security filter that protects against HTTP-based attacks by inspecting traffic before it reaches your application.
Note:
Use the native collector for log ingestion. The event collector will be deprecated in the next Cortex XSIAM version.
This pack includes
Data normalization capabilities:
- Parsing and modeling rules normalize logs ingested via the Cortex XSIAM native collector.
- The akamai_waf_raw dataset enables querying ingested Akamai WAF SIEM logs in XQL Search.
Data Collection
Akamai WAF side
- Go to WEB & DATA CENTER SECURITY > Security Configuration > choose your configuration > Advanced settings > Enable SIEM integration.
- Open Control panel and log in with the admin account.
- Open the identity and access management menu.
- Create a user with Manage SIEM permissions or make sure the admin has permission to manage the SIEM.
- Log in to the new account you just created.
- Open the identity and access management menu.
- Create a new api client for me.
- Assign an API key to the relevant user group, and on the next page assign Read/Write access for SIEM.
- Save the configuration and go to the API detail you just created.
- Click new credentials and download or copy them.
- Use the credentials to configure Akamai WAF in Cortex XSIAM.
For more information, see here.
Cortex XSIAM side - native collector
To access the Akamai WAF SIEM on your Cortex XSIAM tenant:
- In the navigation pane, click Settings and click Data Sources.
- At the top-right corner, click Add Data Source.
- Search for Akamai WAF SIEM and click Connect.

