Quick Start Security for Akamai
Coralogix Extension For Akamai Includes:
Dashboards - 2
Gain instantaneous visualization of all your Akamai data.
Alerts - 6
Stay on top of Akamai key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
A New SSL version not used within the last week
Akamai extension pack: This alert triggers when a new version of TLS is used. An older version may indicate a legacy client, but an invalid one may indicate an attack.
A New value in User agent over a month
Akamai extension pack: This alert triggers if a new user agent value is detected within a one-month range. It also triggers when a new UA version becomes available.
A New value in requesting host
Akamai extension pack: This alert triggers on the appearance of a never-before-seen hostname (within a time frame of a month).
Abnormal increase in non secure traffic by Client IP
Akamai extension pack: This alert triggers if a rise in non-secure traffic volume is detected. A peak in unsecured connections may indicate a Slowloris attack. https://www.netscout.com/what-is-ddos/slowloris-attacks
Identified more than usual amount of bots
Akamai extension pack: This alert triggers if an increase in verified bot entries is detected.
No logs from Akamai
This rule detects when no logs have been received from Akamai in the customer account in the last 24 hours.
Note: This alert should be configured with the relevant app & subsystem.
Impact: Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.
Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.
MITRE Tactic: TA0005
MITRE Technique: T1562
Integration
Learn more about Coralogix's out-of-the-box integration with Akamai in our documentation.