Akamai Kona Sample Event Messages
Use these sample event messages to verify a successful integration with JSA.
The following table provides sample event messages when you use the Akamai Kona REST API protocol for the Akamai KONA DSM:
Note: Each event might contain multiple Event IDs and Names.
| Event name | Low level category | Sample log message |
|---|---|---|
| The application is not available - Deny Rule | Warning | `{"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"<Config Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0","rules":"970901","ruleVersions":"1","ruleMessages":"Application is not Available (HTTP 5XX)","ruleTags":"AKAMAI/BOT/UNKNOWN_BOT","ruleData":"Vector Score : 4, DENY threshold: 2, Alert Rules: 3990001:970901 , Deny Rule: , Last Matched Message: Application is not Available (HTTP 5XX)","ruleSelectors":"","ruleActions":"monitor"},"httpMessage":{"requestId":"<Request Id>","start":"1517337032","protocol":"HTTP/1.1","method":"GET","host":"siem-sample.csi.edgesuite.net","port":"80","path":"path","requestHeaders":"User-Agent: curl/7.35.0Host: siem-sample.csi.edgesuite.netAccept: */*edge_maprule: ksd","status":"403","bytes":"298","responseHeaders":"Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent":"<Continent>","country":"<Country>","city":"<City>","regionCode":"<Region Code>","asn":"<asn>"}}` |
| Anomaly Score Exceeded for Outbound | Suspicious Activity | `{"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"<Config Id>","policyId":"<Policy Id>","clientIP":"192.0.2.0","rules":"OUTBOUND-ANOMALY","ruleVersions":"4","ruleMessages":"Anomaly Score Exceeded for Outbound","ruleTags":"AKAMAI/POLICY/OUTBOUND_ANOMALY","ruleData":"curl_85D6E381D300243323148F63983BD735","ruleSelectors":"","ruleActions":"alert"},"httpMessage":{"requestId":"<Request Id>","start":"1517337032","protocol":"HTTP/1.1","method":"GET","host":"siemsample.csi.edgesuite.net","port":"80","path":"path","requestHeaders":"User-Agent: curl/7.35.0Host: siemsample.csi.edgesuite.netAccept: */*edge_maprule: ksd","status":"403","bytes":"298","responseHeaders":"Server: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 298Expires: Tue, 30 Jan 2018 18:30:32 GMTDate: Tue, 30 Jan 2018 18:30:32 GMTConnection: close"},"geo":{"continent":"<Continent>","country":"<Country>","city":"<City>","regionCode":"<Region Code>","asn":"<asn>"}}` |