Sample Event Message

Use these sample event messages as a way of verifying a successful integration with JSA.

The following table provides a sample event message when using the Akamai Kona REST API protocol for the Akamai KONA DSM:

Note

Each event might contain multiple Event IDs and Names.

Table 1: Akamai KONA sample message supported by Akamai Kona REST API.

Event name	Low level category	Sample log message
The application is not available - Deny Rule	Warning	{"type":"akamai_siem","format":"json", "version":"1.0","attackData":{"configId":"<Config_Id>" ,"policyId":"<Policy Id>","clientIP":"192.0.2.0", "rules":"970901","ruleVersions":"1","ruleMessages": "Application is not Available (HTTP 5XX)","ruleTags" :"AKAMAI/BOT/UNKNOWN_BOT","ruleData":"Vector Score : 4, DENY threshold: 2, Alert Rules: 3990001:970901 , Deny Rule: , Last Matched Message: Application is not Available (HTTP 5XX)","ruleSelectors":"", "ruleActions":"monitor"}, "httpMessage":{"requestId":”<Request Id>","start":"1517337032","protocol": "HTTP/1.1","method":"GET","host":"siem-sample.csi .edgesuite.net","port":"80","path":"path","request Headers":"User-Agent: curl/7.35.0Host: siem-sample. csi.edgesuite.netAccept: /edge_maprule: ksd","status":"403","bytes":"298","responseHeaders": "Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnec tion: close"},"geo": {"continent":"<Continent>","country”:”<Country>", "city:”:<City>”,”regionCode” :<RegionCode>”,”asn”:<asn>”}}
Anomaly Score Exceeded for Outbound	Suspicious Activity	{"type":"akamai_siem","format":"json", "version":"1.0","attackData":{"configId":"<Config Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0", "rules":"OUTBOUND-ANOMALY","ruleVersions":"4","rule Messages":"Anomaly Score Exceeded for Outbound", "ruleTags":"AKAMAI/POLICY /OUTBOUND_ANOMALY","rule Data":"curl_85D6E381D300243323148F63983BD735","rule Selectors":"","ruleActions":"alert"},"httpMessage": {"requestId":”<Request Id>”,”start":"1517337032", "protocol":"HTTP/1.1","method":"GET","host":"siemsample. csi.edgesuite.net","port":"80","path":"path", "requestHeaders":"User-Agent: curl/7.35.0Host: siemsample. csi.edgesuite.netAccept: /edge_maprule: ksd" ,"status":"403","bytes":"298","responseHeaders": "Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent": <Continent>","country”:”<Country>", "city:”:<City>”,”regionCode”: <RegionCode>”,”asn”:<asn>”}}