Integrate EAA with any SIEM using ULS

Use the Unified Log Streamer (ULS) to integrate with any SIEM.

You can integrate EAA with any Security Information and Event Management (SIEM) system using the Unified Log Streamer (ULS). ULS is designed to simplify SIEM integrations for all Akamai Secure Enterprise Access products:
  • Enterprise Application Access (EAA)
  • Enterprise Threat Protector
  • Akamai MFA (phish-proof multi-factor authentication)

The modular design of ULS allows out-of-the-box integration with many SIEM solutions, such as Graylog, QRadar, or Splunk.

ULS makes REST API calls to the Akamai Enterprise APIs and forwards the returned log data and security events to your SIEM, where they can be searched, correlated, and alerted on.

ULS is flexible to deploy and operate. It can run as a Docker container or as a standalone process in your environment, and it can send data to any SIEM, on-premises or cloud, that supports TCP, UDP, or HTTP ingestion. It is also easy to get started: no coding and no prior knowledge of the Enterprise APIs are required.

EAA provides the following data feeds:
  • EAA access logs
  • EAA admin audit logs
  • EAA connector health
You can send any or all of these data feeds to your preferred SIEM solution. See Use EAA logs with SIEM, API, or Unified Log Streamer for more details.

ULS is open source; the code is available on GitHub in the ULS repository.

Platform-specific setup notes for Graylog, QRadar, Splunk, and other SIEMs are at: https://github.com/akamai/uls/tree/main/docs/SIEM

To use the ULS tool in your SIEM environment:

  • Configure credentials for the EAA API. You need an EAA API key; see Generate an API key. Treat the key as a secret: store it in a credentials file readable only by the account that runs ULS, and if you use the container, mount that file read-only.
  • Clone the ULS repository from GitHub. ULS can run as a Docker container or as a standalone process on a host running Linux or macOS (Intel CPU). Note: Windows is not supported.
  • Configure the feeds you want to observe (access logs, admin audit logs, connector health) and point ULS at your SIEM's ingestion endpoint, then build the alerts on the SIEM side.
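Before pointing ULS at a production SIEM, it is worth confirming the transport path and the shape of what arrives. The following added example (not part of this page or of the ULS project) stands up a local newline-delimited JSON receiver, which is what a SIEM "TCP input" amounts to, pushes a few constructed EAA-style records through it, and validates each line on arrival. The record field names, the feed names, and the ULS command-line flags in `build_uls_command` are this example's assumptions, not the documented EAA schema or a guaranteed ULS interface; check `uls.py --help` and the ULS docs for the version you deploy.

```python
"""Local end-to-end check of the ULS -> SIEM TCP path.

Added example, not code from the Akamai page or the ULS repository.
A tiny TCP listener plays the SIEM's TCP input; constructed records play
the ULS output. Nothing here talks to Akamai or to a real SIEM.
"""
import json
import socket
import threading
from collections import Counter

# Constructed sample lines standing in for ULS output for the three EAA feeds.
# Field names are illustrative only, not the real EAA log schema.
SAMPLE_LINES = [
    json.dumps({"feed": "access", "user": "alice@example.com",
                "app": "intranet", "status": "allowed", "src_ip": "203.0.113.7"}),
    json.dumps({"feed": "access", "user": "bob@example.com",
                "app": "git", "status": "denied", "src_ip": "198.51.100.22"}),
    json.dumps({"feed": "admin", "actor": "admin@example.com",
                "action": "app_update", "target": "intranet"}),
    json.dumps({"feed": "conhealth", "connector": "dc1-con-01",
                "reachable": True, "cpu_pct": 12}),
    "not json at all",  # deliberately malformed: must be rejected, not crash
]

# Minimum fields we expect per feed (assumed, for validation on the SIEM side).
REQUIRED_BY_FEED = {
    "access": {"user", "app", "status"},
    "admin": {"actor", "action"},
    "conhealth": {"connector", "reachable"},
}


def build_uls_command(feed, host, port, edgerc="~/.edgerc", section="default"):
    """Compose a ULS invocation that ships one EAA feed over TCP.

    Assumption: flag names follow the ULS README (--input/--feed/--output/
    --host/--port/--edgerc/--section). Confirm with `uls.py --help`.
    """
    return ["python3", "bin/uls.py", "--input", "eaa", "--feed", feed,
            "--output", "tcp", "--host", host, "--port", str(port),
            "--edgerc", edgerc, "--section", section]


def parse_line(raw):
    """Return (record, None) for a well-formed line, (None, reason) otherwise."""
    try:
        rec = json.loads(raw)
    except ValueError:
        return None, "not JSON"
    if not isinstance(rec, dict):
        return None, "not an object"
    feed = rec.get("feed")
    required = REQUIRED_BY_FEED.get(feed)
    if required is None:
        return None, f"unknown feed {feed!r}"
    missing = required - set(rec)
    if missing:
        return None, f"{feed}: missing {sorted(missing)}"
    return rec, None


def _serve_one(listener, summary):
    """Accept a single sender, read NDJSON until EOF, and tally what arrived."""
    conn, _ = listener.accept()
    with conn, conn.makefile("r", encoding="utf-8") as stream:
        for raw in stream:
            raw = raw.rstrip("\n")
            if not raw:
                continue
            rec, err = parse_line(raw)
            if err:
                summary["rejected"].append(err)
                continue
            summary["feeds"][rec["feed"]] += 1
            # The kind of thing a SIEM rule would alert on: denied access.
            if rec["feed"] == "access" and rec["status"] == "denied":
                summary["denied"].append(rec["user"])


def run_local_check(lines, host="127.0.0.1"):
    """Listen on an ephemeral port, push `lines` over TCP, return the tally."""
    summary = {"feeds": Counter(), "rejected": [], "denied": []}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=_serve_one, args=(listener, summary))
    server.start()
    with socket.create_connection((host, port)) as sender:
        sender.sendall(("\n".join(lines) + "\n").encode("utf-8"))
    server.join(timeout=5)
    listener.close()
    summary["port"] = port
    return summary


if __name__ == "__main__":
    print(" ".join(build_uls_command("access", "siem.example.internal", 9514)))
    result = run_local_check(SAMPLE_LINES)
    print("feeds:", dict(result["feeds"]))
    print("rejected:", result["rejected"])
    print("denied logins:", result["denied"])
```

Run it once with the constructed records to see the receiver accept four well-formed lines and reject the malformed one; then replace the sender with a real ULS process pointed at the listener's port and compare the field names you actually receive against `REQUIRED_BY_FEED` before writing SIEM alert rules against them.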