Akamai WAF
  • 27 Mar 2025

Article summary

The Akamai Web Application Firewall (WAF) offers real-time protection for web applications by filtering and blocking malicious HTTP traffic. It safeguards sensitive data, prevents unauthorized access, and ensures continuous application performance. For more information, refer to Akamai’s official documentation.

Integration Method: API

Tables: Detection Finding (2004)

This integration supports the following events.

| Event | Description |
| --- | --- |
| Security Events | Get all security events generated on the Akamai platform in your SIEM application. |

This integration supports the following versions.

  • Akamai WAF Application Security API: v1.0

  • Akamai WAF SIEM Integration: v1.0

Prerequisites

  • The user should have SIEM role access to create API tokens to retrieve data successfully.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Generate client credentials with the required scopes.

  2. Add the Akamai WAF data feed in the DataBee console with the below parameters.

    | DataBee Parameter | Akamai WAF Parameter |
    | --- | --- |
    | Access Token | access token |
    | Client Token | client token |
    | Client Secret | client secret |
    | Base URL (<Instance>) | host |
    | Config Id | Web Security Configuration Id |

Akamai WAF Configuration

Before configuring the data source in the DataBee UI, you need to set up a SIEM integration, a SIEM user, and an API client in the Akamai WAF dashboard to obtain the necessary credentials. Follow these steps:

Turn on SIEM Integration

  1. Sign in to the Akamai Control Center Dashboard.
     

  2. Click the three horizontal lines in the top-left corner to open the sidebar.
     

  3. In the sidebar menu, select the Show all services option.
     

  4. In the Show all services side menu, under the WEB & DATA CENTER SECURITY category, click on Security Configurations.


  5. In the left sidebar, select the highlighted security configuration for which you want to collect SIEM data, and then click on Advanced Settings.
     

  6. Click on the Data collection for SIEM Integration dropdown.
     

  7. Within the dropdown, configure the following:

    • Toggle On to enable SIEM.

    • Select the security policies for data export based on your requirements: "All Security Policies" or "Specific Security Policies" (Refer to the documentation for more details.)

    • Copy the value from the Web Security Configuration ID field, as it will be needed later in the configuration process.
       

  8. Once all the requirements are configured, click Activate.
     

NOTE:

If you want to enable SIEM integration for additional security configurations, repeat the preceding process for each configuration before continuing to Step 2.

Set up a user to manage SIEM

  1. In the Control Center under ACCOUNT ADMIN, click on Identity & access.
     

  2. On the Users and API Clients tab, do one of the following:

    • Click the Create user button if you wish to configure a new user.

    • Locate the existing user to whom you want to assign the role. (Refer to the documentation for more details.)
       

  3. To assign the SIEM role to a new user, click Create User. Enter the user's basic information, then scroll down to the Assign Roles section. Find the appropriate group, click the Roles dropdown, and select the Manage SIEM role. Finally, click Submit.
     

    Note:

    Only the Manage SIEM role has the proper permissions: don't assign this role to any other user.

  4. To assign the SIEM role to an existing user, open the user's account and click the “Edit Roles” tab.
     

  5. Find the appropriate group, click the ‘Roles’ dropdown, and select the Manage SIEM role. Then, click Submit.
     

Provision SIEM API and get access tokens

  1. In the Control Center under ACCOUNT ADMIN, click Identity & access.
     

  2. Under Users and API Clients, click Create API client.
     

  3. Choose the Myself option if you have the Manage SIEM role or click on Another User to create an API client for another user. Click the dropdown for Select User and select the user account that has the Manage SIEM role. Then, click Quick to create an API client.
     

  4. The client tokens, including the Client Secret, Client Token, Access Token, and Host, will be displayed on the next page. Copy the credentials and download them for future use.
     

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds, and click the Add New Data Feed button.
     

  2. Search for Akamai WAF and select it.
     

  3. Click on the API Ingest option for collection method.
     

  4. Enter feed contact information and click Next.
     

  5. In the next dialog, enter the following:

    • Authorization Method: Akamai EdgeGrid

    • API Base URL: replace <instance> with your host.

    • Configuration ID: paste the Configuration ID.

    • Access Token: paste the Access Token.

    • Client Token: paste the Client Token.

    • Client Secret: paste the Secret.

    • Event Types: preselected for all the event types that integration pulls.

  6. Click on Submit.

Troubleshooting Tips

  • If you encounter invalid_client or unauthorized_client errors, the cause may be incorrect credentials. Ensure the token is pasted correctly. Because the token cannot be viewed after it is first displayed, re-create the token, paste it into a text editor to confirm that no spaces or unexpected characters are included, and then reconfigure the DataBee feed.

  • If you receive a 403 response code, the cause may be missing permissions. Ensure READ-WRITE access and Manage SIEM roles are assigned to only one user.
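
The credential check from the first tip can be scripted before the values are pasted into the feed. The following is an added example, not DataBee or Akamai code: it flags stray whitespace or hidden characters in the five feed parameters and builds the Akamai EdgeGrid (EG1-HMAC-SHA256) Authorization header, which shows why a single extra character in the secret breaks authentication. The dictionary field names, the sample values, and the /siem/v1/configs/<configId> request path are assumptions that do not appear on this page.

```python
import base64, hashlib, hmac, uuid
from datetime import datetime, timezone

FIELDS = ("access_token", "client_token", "client_secret", "host", "config_id")

def check_credentials(creds):
    """Return a list of problems in the pasted feed parameters (empty list = clean)."""
    problems = []
    for name in FIELDS:
        value = creds.get(name, "")
        if not value.strip():
            problems.append(f"{name}: missing")
        elif any(c.isspace() or not c.isascii() or not c.isprintable() for c in value):
            problems.append(f"{name}: whitespace or hidden/non-ASCII character")
        elif name == "host" and ("/" in value or ":" in value):
            problems.append("host: paste the bare hostname, without scheme or path")
    return problems

def _b64_hmac(key, msg):
    digest = hmac.new(key.encode(), msg.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def edgegrid_auth_header(creds, method, path_and_query, timestamp=None, nonce=None):
    """Build the EG1-HMAC-SHA256 Authorization header for a body-less request."""
    ts = timestamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H:%M:%S+0000")
    nonce = nonce or str(uuid.uuid4())
    unsigned = (f"EG1-HMAC-SHA256 client_token={creds['client_token']};"
                f"access_token={creds['access_token']};timestamp={ts};nonce={nonce};")
    signing_key = _b64_hmac(creds["client_secret"], ts)  # per-request key derived from the secret
    # Signed fields: method, scheme, host, path+query, signed headers (none),
    # body hash (empty for GET), then the unsigned header itself.
    to_sign = "\t".join([method.upper(), "https", creds["host"].lower(),
                         path_and_query, "", "", unsigned])
    return unsigned + "signature=" + _b64_hmac(signing_key, to_sign)

# Constructed sample values, not real credentials.
SAMPLE = {
    "access_token": "akab-access-EXAMPLE",
    "client_token": "akab-client-EXAMPLE",
    "client_secret": "c2VjcmV0LWV4YW1wbGU=",
    "host": "akab-example.luna.akamaiapis.net",
    "config_id": "12345",
}
SAMPLE_PATH = f"/siem/v1/configs/{SAMPLE['config_id']}?limit=1"  # assumed SIEM API v1 path

if __name__ == "__main__":
    print(check_credentials(SAMPLE) or "parameters look clean")
    print(edgegrid_auth_header(SAMPLE, "GET", SAMPLE_PATH))
```

Run the check on a workstation you trust and do not log the real secret; the script makes no network calls.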

