{
  "name": "akamai",
  "title": "Akamai",
  "version": "3.1.1",
  "release": "ga",
  "description": "Collect logs from Akamai with Elastic Agent.",
  "type": "integration",
  "download": "/epr/akamai/akamai-3.1.1.zip",
  "path": "/package/akamai/3.1.1",
  "icons": [
    {
      "src": "/img/akamai_logo.svg",
      "path": "/package/akamai/3.1.1/img/akamai_logo.svg",
      "title": "Akamai",
      "size": "409×167",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.18.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "community",
    "github": "elastic/security-service-integrations"
  },
  "categories": [
    "security",
    "cdn_security"
  ],
  "signature_path": "/epr/akamai/akamai-3.1.1.zip.sig",
  "format_version": "3.3.2",
  "readme": "/package/akamai/3.1.1/docs/README.md",
  "license": "basic",
  "assets": [
    "/package/akamai/3.1.1/LICENSE.txt",
    "/package/akamai/3.1.1/changelog.yml",
    "/package/akamai/3.1.1/manifest.yml",
    "/package/akamai/3.1.1/validation.yml",
    "/package/akamai/3.1.1/docs/README.md",
    "/package/akamai/3.1.1/img/akamai_logo.svg",
    "/package/akamai/3.1.1/kibana/tags.yml",
    "/package/akamai/3.1.1/data_stream/siem/manifest.yml",
    "/package/akamai/3.1.1/data_stream/siem/sample_event.json",
    "/package/akamai/3.1.1/kibana/dashboard/akamai-e7568320-066a-11ed-9f6c-cb8079f147f7.json",
    "/package/akamai/3.1.1/data_stream/siem/fields/agent.yml",
    "/package/akamai/3.1.1/data_stream/siem/fields/base-fields.yml",
    "/package/akamai/3.1.1/data_stream/siem/fields/beats.yml",
    "/package/akamai/3.1.1/data_stream/siem/fields/fields.yml",
    "/package/akamai/3.1.1/data_stream/siem/agent/stream/cel.yml.hbs",
    "/package/akamai/3.1.1/data_stream/siem/agent/stream/gcs.yml.hbs",
    "/package/akamai/3.1.1/data_stream/siem/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "akamai",
      "title": "Akamai logs",
      "description": "Collect SIEM logs from Akamai",
      "inputs": [
        {
          "type": "cel",
          "title": "Collect Akamai SIEM logs via API",
          "description": "Collecting SIEM logs from Akamai via API"
        },
        {
          "type": "gcs",
          "title": "Collect Akamai SIEM logs via Google Cloud Storage",
          "description": "Collecting SIEM logs from Akamai via Google Cloud Storage"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "akamai.siem",
      "title": "Akamai SIEM Logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "cel",
          "vars": [
            {
              "name": "api_host",
              "type": "text",
              "title": "API Host",
              "description": "API Hostname in the form of http(s)://akzz-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.luna.akamaiapis.net without path",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "https://akzz-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.luna.akamaiapis.net"
            },
            {
              "name": "client_token",
              "type": "password",
              "title": "Client Token",
              "description": "Client token provided by the \"Credentials\" UI",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "client_secret",
              "type": "password",
              "title": "Client Secret",
              "description": "Client secret provided by the \"Credentials\" UI",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "access_token",
              "type": "password",
              "title": "Access Token",
              "description": "Access token provided by the \"Authorizations\" UI",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "config_ids",
              "type": "text",
              "title": "Zone ID",
              "description": "Unique identifier for each security configuration. To report on more than one configuration, separate integer identifiers with semicolons. ex. 12892;29182;82912",
              "multi": false,
              "required": true,
              "show_user": true
            },
            {
              "name": "http_client_timeout",
              "type": "text",
              "title": "HTTP Client Timeout",
              "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "60s"
            },
            {
              "name": "interval",
              "type": "text",
              "title": "Interval",
              "description": "Interval at which the logs will be pulled. The value must be between 2m and 1h. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "1h"
            },
            {
              "name": "initial_interval",
              "type": "text",
              "title": "Initial Interval",
              "description": "Initial interval to poll for events. Default is the maximum allowed value of 12 hours. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "12h"
            },
            {
              "name": "recovery_interval",
              "type": "text",
              "title": "Recovery Interval",
              "description": "Lookback period for data retrieval when the integration enters recovery mode. Default and maximum allowed value is 12 hours. Supported units for this parameter are h/m/s.",
              "multi": false,
              "required": true,
              "show_user": false,
              "default": "12h"
            },
            {
              "name": "event_limit",
              "type": "integer",
              "title": "Event Limit",
              "description": "Defines the approximate maximum number of security events each fetch returns, in both offset and time-based modes. The default limit is 10000 and the maximum limit available is 600000. Listing an unlimited number of logs isn't possible. Expect requests to return a slightly higher number of security events than you set in the limit parameter, because data is stored in different buckets.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": 10000
            },
            {
              "name": "max_executions",
              "type": "integer",
              "title": "Maximum Pages Per Interval",
              "description": "Maximum Pages Per Interval is the maximum number of pages that can be collected at each interval.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": 5000
            },
            {
              "name": "proxy_url",
              "type": "text",
              "title": "Proxy URL",
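              "description": "URL to proxy connections in the form of http\\[s\\]://<user>:<password>@<server name/ip>:<port>. This field is plain text, not a password field; credentials embedded in the URL are not treated as secrets.",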
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "akamai-siem",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. \nThis executes in the agent before the logs are parsed. \nSee [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "enable_request_tracer",
              "type": "bool",
              "title": "Enable request tracing",
              "description": "The request tracer logs requests and responses to the agent's local file system for debugging configurations. Because the logged requests and responses may contain sensitive data, enabling request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "cel.yml.hbs",
          "title": "Akamai SIEM logs",
          "description": "Collect Akamai logs via the SIEM API",
          "enabled": true,
          "ingestion_method": "API"
        },
        {
          "input": "gcs",
          "vars": [
            {
              "name": "project_id",
              "type": "text",
              "title": "Project Id",
              "description": "Google Cloud project ID. It is a required parameter to collect logs via GCS.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "my-project-id"
            },
            {
              "name": "service_account_key",
              "type": "password",
              "title": "Credentials json key",
              "description": "Service account credentials JSON key. It is an optional parameter for authentication.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "service_account_file",
              "type": "text",
              "title": "Credentials file path",
              "description": "Path to the service account credentials file. It is an optional parameter for authentication.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "number_of_workers",
              "type": "integer",
              "title": "Maximum number of workers",
              "description": "Determines how many workers are spawned per bucket.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": 3
            },
            {
              "name": "poll",
              "type": "bool",
              "title": "Polling",
              "description": "Determines if the bucket will be continuously polled for new documents.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": true
            },
            {
              "name": "poll_interval",
              "type": "text",
              "title": "Polling interval",
              "description": "Determines the time interval between polling operations.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "15s"
            },
            {
              "name": "bucket_timeout",
              "type": "text",
              "title": "Bucket Timeout",
              "description": "Defines the maximum time that the SDK will wait for a bucket API response before timing out. Valid time units are ns, us, ms, s, m, h.",
              "multi": false,
              "required": false,
              "show_user": true,
              "default": "120s"
            },
            {
              "name": "buckets",
              "type": "yaml",
              "title": "Buckets",
              "description": "This attribute contains the details about a specific bucket, such as name, max_workers, poll, poll_interval and bucket_timeout. The attribute 'name' is specific to a bucket as it describes the bucket name, while the fields max_workers, poll, poll_interval and bucket_timeout can exist both at the bucket level and at the global level. If you have already defined the attributes globally, you need to specify only the name in this yaml config. If you want to override any specific attribute for a specific bucket, you can define it here. Any attribute defined in the yaml will override the global definitions. Please see the relevant [Documentation](https://www.elastic.co/guide/en/beats/filebeat/8.5/filebeat-input-gcs.html#attrib-buckets) for further information.\n",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "# You can define as many buckets as you want here.\n- name: siem_gcs_bucket_1\n- name: siem_gcs_bucket_2\n# The config below is an example of how to override the global config.\n#- name: siem_gcs_bucket_3\n#  max_workers: 3\n#  poll: true\n#  poll_interval: 10s\n#  bucket_timeout: 30s\n"
            },
            {
              "name": "alternative_host",
              "type": "text",
              "title": "Alternative Host",
              "description": "Used to override the default host for the storage client (default is storage.googleapis.com)",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "forwarded",
                "akamai-siem"
              ]
            }
          ],
          "template_path": "gcs.yml.hbs",
          "title": "Collect Akamai SIEM logs via Google Cloud Storage",
          "description": "Collecting SIEM logs from Akamai via Google Cloud Storage.",
          "enabled": true,
          "ingestion_method": "Google Cloud Storage"
        }
      ],
      "package": "akamai",
      "path": "siem"
    }
  ]
}
