Sample Event Message

 

Use these sample event messages as a way of verifying a successful integration with JSA.

The following table provides sample event messages when using the Akamai Kona REST API protocol for the Akamai KONA DSM:

Note

Each event might contain multiple Event IDs and Names.

Table 1: Akamai KONA sample message supported by Akamai Kona REST API.

Event name: The application is not available - Deny Rule

Low level category: Warning

Sample log message:

{"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"<Config_Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0","rules":"970901","ruleVersions":"1","ruleMessages":"Application is not Available (HTTP 5XX)","ruleTags":"AKAMAI/BOT/UNKNOWN_BOT","ruleData":"Vector Score : 4, DENY threshold: 2, Alert Rules: 3990001:970901 , Deny Rule: , Last Matched Message: Application is not Available (HTTP 5XX)","ruleSelectors":"","ruleActions":"monitor"},"httpMessage":{"requestId":"<Request Id>","start":"1517337032","protocol":"HTTP/1.1","method":"GET","host":"siem-sample.csi.edgesuite.net","port":"80","path":"path","requestHeaders":"User-Agent: curl/7.35.0Host: siem-sample.csi.edgesuite.netAccept: */*edge_maprule: ksd","status":"403","bytes":"298","responseHeaders":"Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent":"<Continent>","country":"<Country>","city":"<City>","regionCode":"<RegionCode>","asn":"<asn>"}}

Event name: Anomaly Score Exceeded for Outbound

Low level category: Suspicious Activity

Sample log message:

{"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"<Config Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0","rules":"OUTBOUND-ANOMALY","ruleVersions":"4","ruleMessages":"Anomaly Score Exceeded for Outbound","ruleTags":"AKAMAI/POLICY/OUTBOUND_ANOMALY","ruleData":"curl_85D6E381D300243323148F63983BD735","ruleSelectors":"","ruleActions":"alert"},"httpMessage":{"requestId":"<Request Id>","start":"1517337032","protocol":"HTTP/1.1","method":"GET","host":"siemsample.csi.edgesuite.net","port":"80","path":"path","requestHeaders":"User-Agent: curl/7.35.0Host: siemsample.csi.edgesuite.netAccept: */*edge_maprule: ksd","status":"403","bytes":"298","responseHeaders":"Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent":"<Continent>","country":"<Country>","city":"<City>","regionCode":"<RegionCode>","asn":"<asn>"}}