Guide

Real-time Connector Metrics using SIEM providers

Suggest Edits

You can use SIEM providers like DataDog and TrafficPeak to monitor, analyze, investigate any health issue, security incidents, and perform data visualization for your EAA Connectors. You can send CPU, Memory, and Network metrics of the EAA Connectors for creating Dashboards for visualization.

📘

Note:

This is a limited-availability (LA) feature and can be enabled in your contract by contacting Akamai Support.

It involves these steps:

  1. Provide the agent-id of the connector which you will use for queries to Akamai support.
  2. Configure the EAA Management Portal to send the metrics to a SIEM provider.
  3. Select the SIEM provider of your choice
    • View the metrics, create graphs, dashboards in Datadog.
    • View the metrics, create graphs, dashboards in TrafficPeak.

Send metrics to a SIEM provider

Prerequisite: You must have a connector version greater than 24.03.00.150

You can send different connector metrics like CPU, memory, and network to your DataDog SIEM provider.

Follow this procedure to send these metrics:

  1. Log in to the Enterprise Center.
  2. In the Enterprise Center navigation menu, select Application Access > General Settings > Settings > Company Settings.
  3. Go to the System monitoring SIEMs section.
  4. Enable Send metrics, to send the connector metrics like CPU, memory and network to your SIEM provider to monitor, investigate issues, and perform data visualization. If you disable Send metrics for more than 24 hours, the data is lost for the disabled period.

The connector metrics sent to SIEM providers are:

CPU Metrics: cpu.usage_active, cpu.usage_idle

Memory Metrics: mem.available, mem.available_percent, mem.dirty, mem.mapped, mem.total, mem.used, mem.used_percent

Network Metrics: net.bytes_recv, net.bytes_sent, net.drop_in, net.drop_out, net.err_in, net.err_out, net.packets_recv, net.packets_sent, net.speed

  1. Active SIEM. Select the name of the SIEM provider. Datadog and TrafficPeak are supported for this release. You can also click on the edit SIEM (pencil icon) to edit the SIEM parameters. You can click remove SIEM, to delete the SIEM provider and start another configuration.
  2. You must provide the parameters needed to connect to the SIEM Server of your choice. The parameters are different for different SIEM providers.
    • To connect to TrafficPeak SIEM server, provide these parameters:
      SIEM type. TrafficPeak

Encryption Token. Provide the token to securely send the connector metrics data to the SIEM provider. You can obtain the encryption token from the Hydrolix

Username. Specify the username you use to login to the server.

Password. Specify the password you use to login to the server.

  • To connect to DataDog SIEM provider, provide these parameters:

SIEM type. DataDog.

Server. Provide the server hostname of the SIEM provider.

Copy hostname server

Encryption Token. Provide the token to securely send the connector metrics data to the SIEM provider. You can obtain the encryption token from the API Keys from DataDog. See Add an API key or Client Token in Datadog documentation. You can click on the show encryption token (eye icon) to check if you entered it correctly, in case you have trouble connecting to the SIEM server.

Copy Datadog API keys

  1. Click Test and Save, to test the connectivity. If EAA can communicate to Datadog SIEM correctly, changes are saved.

You should be able to receive the EAA Connector metrics in your SIEM provider dashboard to perform diagnosis, data visualization, and troubleshoot any security incidents.


View metrics in Datadog Explorer

In Datadog Metrics Explorer, follow these steps for data visualization:

  1. Use the Add Query, to add the name of the Metrics you want to visualize in a graph.
  2. For the from option, add the agent-id: of the EAA connector. You can obtain this information from Akamai support.
  3. Select the time period.

A graph is generated for the chosen metrics.

Here’s an example of the EAA Connector’s CPU usage metrics in Datadog Metrics Explorer:

Datadog visualization example

For more details on data visualization, see Datadog documentation.

View metrics in TrafficPeak

You can visualize EAA connector metrics as follows:

  1. Go to https://dashboards.trafficpeak.live/
  2. Log into your Grafana account.
  3. Click the + sign at the top-right corner and select New Dashboard.
  4. Click + Add visualization button.
  5. For Select data source, select grafana-clickhouse-datasource
  6. For Editor Type, select SQL Editor.
  7. For Query Type, select Time Series.
  8. You can add custom variables for the table, time, and sql in the Settings of your dashboard:

table:

SELECT concat(project,'.',name) as table FROM (SELECT database as project, name FROM system.tables WHERE engine = 'TurbineStorage' AND (project != 'sample_project' AND project != 'hdx'))

time:

SELECT primary_key FROM system.tables WHERE database = splitByChar('.','${table}')[1] AND table = splitByChar('.','${table}')[2]

sql:

SELECT name FROM system.columns WHERE database = splitByChar('.','${table}')[1] AND table = splitByChar('.','${table}')[2] LIMIT 1

You can reuse these variables in your queries.

  1. Set the table name, duration, and refresh period of your dashboard:

  1. In your panel editor, time series is selected as the default visualization style.
    You can add different panels to your dashboard. Provide a Title, optional Description under Panel Options, and click Save Dashboard.

For example, here you can see a time series graph for net bytes received:

net bytes received

For more information, refer to Building Dashboards, Time Series Visualization sections of Grafana documentation.

Switching between SIEM provider

You can switch between different SIEM providers like DataDog and TrafficPeak.

Follow this procedure to switch SIEM providers:

  1. Log in to the Enterprise Center.
  2. In the Enterprise Center navigation menu, select Application Access > General Settings > Settings > Company Settings.
  3. Go to the System monitoring SIEMs section.
  4. You should have enabled Send metrics.
  5. Active SIEM. Select the SIEM that you wish to change like DataDog or TrafficPeak.
    For the dialog box, SIEM switch confirmation, click Confirm.
  6. Provide the respective parameters to connector to the SIEM server as described in Send Metrics to SIEM server.
  7. This SIEM provider is switched to the new one and data is streamed to it for visualization.

Updated 37 minutes ago