Integrate EAA with any SIEM using ULS
Use the Unified Log Streamer (ULS) to integrate with any SIEM.
- Enterprise Application Access (EAA)
- Enterprise Threat Protector
- Akamai phish-proof Multi Factor Authenticator
The modular design of ULS allows out-of-the-box integration with many SIEM solutions, such as the GRAYLOG, QRADAR, or SPLUNK platforms.
The ULS tool makes REST API calls to Akamai Enterprise APIs and transports the data or security events to the customer's SIEM environment, where they can easily be used for alerting.
ULS is very flexible to deploy and operate. It can be run as a Docker container or hosted standalone in your environment. ULS can send data into any SIEM that supports TCP, UDP, or HTTP ingestion, both on-premises and in the cloud. It is also easy to get started, since no coding or learning of the Enterprise APIs is required.
- EAA access logs
- EAA admin audit logs
- EAA connector health
You can find more information about the ULS open-source code on GitHub at ULS repository.
You can find documentation for any of the SIEM platforms, like GRAYLOG, QRADAR, or SPLUNK, at: https://github.com/akamai/uls/tree/main/docs/SIEM
To use the ULS tool in your SIEM environment:
- Configure the credentials for the EAA API. You will need an EAA API key. See Generate an API key.
- Clone the binary from the GitHub repository. It can be hosted as a Docker container or as a standalone binary on a host machine running Linux or macOS (Intel CPU). Note: Windows OS is not supported.
- Configure any of the feeds that you want to observe and receive alerts on in your SIEM platform.