
SNYPR 6.2
AKAMAI WEB APPLICATION FIREWALL
SNYPR 6.2 Data Source Guide

Securonix Proprietary Statement


This material constitutes proprietary and trade secret information of Securonix, and shall not be disclosed to any third
party, nor used by the recipient except under the terms and conditions prescribed by Securonix.
The trademarks, service marks, and logos of Securonix and others used herein are the property of Securonix or their
respective owners.

Securonix Copyright Statement


This material is also protected by Federal Copyright Law and is not to be copied or reproduced in any form, using any
medium, without the prior written authorization of Securonix.
However, Securonix allows the printing of the Adobe Acrobat PDF files for the purposes of client training and reference.
Information in this document is subject to change without notice. The software described in this document is furnished
under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with
the terms of those agreements. Nothing herein should be construed as constituting an additional warranty. Securonix
shall not be liable for technical or editorial errors or omissions contained herein. No part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including
photocopying and recording for any purpose other than the purchaser's internal use without the written permission of
Securonix.
Copyright 2018 © Securonix All rights reserved.

Contact Information
Securonix, Inc.
14665 Midway Rd. Ste. 100, Addison, TX 75001
www.securonix.com
855.732.6649

Revision History

Date        Product Version    Description
7/9/2018    6.2                First Release


Table of Contents
Akamai
  What is Akamai?
  Akamai Configuration
    Configure Akamai in SNYPR
  Supported Collection Methods
  Functionality
  Taxonomy
  Device Event Field Mapping
    Akamai Mappings to SNYPR Fields
  References


Akamai
This data source guide will provide information on how to integrate Akamai and how the data source events
are parsed, normalized, and categorized to SNYPR fields. In particular, it provides the following:
- Device event field mapping
- Device event severity mapping
- Device event categorization
To download the Akamai parser from the Securonix Threat Library, search Available Resources Types for
Deployment by Vendor name or Functionality. Downloading the resource downloads the parser along with
the applicable policies and threat models.

What is Akamai?
Akamai web application firewall (WAF) provides protection against web application-layer attacks such as
SQL injection, malicious file execution, and cross-site scripting, which can penetrate and cripple a website,
diminishing performance and exposing an enterprise to data breaches.

Akamai Configuration
Follow the steps below to configure Akamai in SNYPR.

Configure Akamai in SNYPR


1. Log in to SNYPR and navigate to Menu > Add Data > Activity.


2. Click + in the upper-left corner, then click Create Custom Device Type.

3. Configure the following values to match the fields required in your DEVICE TYPE INFORMATION
section:
a. Vendor: Akamai Technologies
b. Functionality: Firewall
c. Device Type: Akamai Web Application Firewall
d. Resource Type: Key Value Pair
e. Collection Method: Akamai


4. Enter a name in the Datasource Name field.

5. Complete the following information in the COLLECTION METHOD section:


a. Request URL Host
b. Client Token


c. Client Secret
d. Access Token
e. Base URL
f. Config URL
g. Select Start Date/Time


6. Click GET PREVIEW in the upper-right corner to preview the input.

Supported Collection Methods


The method of collection is Akamai API.

Functionality
The functionality of Akamai is Firewall. See Use Cases by Functionality for a complete list of policies for this
functionality.

Taxonomy
Securonix Open Event Format (OEF) 1.0 is used. OEF is an event interoperability standard/schema. It
provides a set of standardized attributes (fields) for consistent representation of logging output from disparate
security and non-security devices and applications. For additional information, refer to the Data Dictionary
section on the Securonix documentation portal.

Device Event Field Mapping


This section lists the mappings of SNYPR fields to the device fields.

Akamai Mappings to SNYPR Fields


Akamai Field            SNYPR Field
httpMessage.start       DATETIME
type                    customstring1
attackData.rules        transactionstring1
geo.country             transactionstring2
httpMessage.protocol    applicationprotocol
httpMessage.method      requestmethod
httpMessage.host        destinationhostname
httpMessage.port        destinationport
httpMessage.status      eventoutcome
httpMessage.bytes       bytesout
Transaction             transactionstring1
IPAddress               ipaddress
attackData.clientIP     deviceaddress
httpMessage.path        filepath
httpMessage.query       filetype
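
The mapping above can be checked against a sample event before relying on the parsed fields in policies. The following is an added example, not Securonix or Akamai code: it applies the table to a constructed nested event and reports device fields the event lacks and SNYPR fields written by more than one device field (attackData.rules and Transaction both target transactionstring1). The function names, the sample event and the last-writer-wins handling are assumptions.

```python
import json

# Device field -> SNYPR field, copied from the mapping table on this page.
MAPPING = [
    ("httpMessage.start", "DATETIME"), ("type", "customstring1"),
    ("attackData.rules", "transactionstring1"), ("geo.country", "transactionstring2"),
    ("httpMessage.protocol", "applicationprotocol"), ("httpMessage.method", "requestmethod"),
    ("httpMessage.host", "destinationhostname"), ("httpMessage.port", "destinationport"),
    ("httpMessage.status", "eventoutcome"), ("httpMessage.bytes", "bytesout"),
    ("Transaction", "transactionstring1"), ("IPAddress", "ipaddress"),
    ("attackData.clientIP", "deviceaddress"), ("httpMessage.path", "filepath"),
    ("httpMessage.query", "filetype"),
]

def lookup(event, dotted):
    """Walk a dotted path through nested dicts; None if any level is absent."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def normalize(event):
    """Return (snypr_fields, missing_device_fields, overwritten_snypr_fields)."""
    out, missing, overwritten = {}, [], []
    for device_field, snypr_field in MAPPING:
        value = lookup(event, device_field)
        if value is None:
            missing.append(device_field)
            continue
        if snypr_field in out:
            # Assumption: last writer wins; SNYPR's real precedence is not documented here.
            overwritten.append(snypr_field)
        out[snypr_field] = value
    return out, missing, overwritten

# Constructed sample event (illustrative values, not captured traffic).
SAMPLE = json.loads("""{"type": "akamai_siem", "Transaction": "tx-0001",
 "attackData": {"clientIP": "192.0.2.10", "rules": "950002"},
 "geo": {"country": "US"},
 "httpMessage": {"start": "1531094400", "protocol": "HTTP/1.1", "method": "GET",
   "host": "www.example.com", "port": "443", "status": "403", "bytes": "266",
   "path": "/login", "query": "id=1"}}""")

if __name__ == "__main__":
    fields, missing, overwritten = normalize(SAMPLE)
    print(fields, missing, overwritten, sep="\n")
```

A non-empty overwritten list means one of the colliding source values is lost after normalization, so detections keyed on that SNYPR field should be checked against both source fields.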

References
Akamai SIEM-CEF Connector: https://github.com/akamai/siem-cef-connector
Documentation on SIEM Integration: https://developer.akamai.com/tools/siem-integration/index.html
Collect Logs for Akamai Cloud Monitor: https://help.sumologic.com/Send-Data/Applications-and-Other-Data-Sources/Akamai-Cloud-Monitor/01-Collect-Logs-for-Akamai-Cloud-Monitor-App
Wikipedia: https://en.wikipedia.org/wiki/Akamai_Technologies
