Security Analytics provides insights into security threats across various Akamai products, including Edge DNS, Prolexic, and App & API Protector. The platform enables you to identify and address vulnerabilities effectively.

The Destinations feature in Security Analytics allows you to manually send security events to third-party SIEM and IT Service Management destinations. By configuring destinations, you can enhance your security operations by receiving actionable events to help address vulnerabilities and improve your security posture.

Create a destination

This section describes how to create a destination for security events.

Supported destination types:

• ServiceNow
• Custom HTTPS

To create a new destination for receiving security events:

1. Navigate to the Security Analytics Destinations page by selecting the header button at the top of the application.
2. View and edit previously created destinations from this page.
3. To create a new destination, click the Create destination button in the top-right corner.
4. Select Outbound and follow the configuration steps.

📘

The system will perform a test POST API call to validate the connection to the selected destination.

Next Steps
After you create a destination, do one of the following:

• Configure a ServiceNow destination
• Configure a custom HTTPS destination

Configure a ServiceNow destination

This section describes how to configure a ServiceNow destination.

Prerequisites

Make sure you have the following information before you begin:

• ServiceNow Instance Name: The name of your ServiceNow instance. This is the prefix of your instance URL (e.g., https://{instance_name}.service-now.com).
• API Key: Generated in ServiceNow for token-based authentication. Ensure the associated account has permissions to allow POST calls to the "incident" table via the Table API.

To configure a ServiceNow destination:

1. Pre-configure your ServiceNow instance by creating:
   • An inbound authentication profile.
   • A REST API access policy.
   • An API key.
2. Refer to the official ServiceNow documentation for detailed instructions on generating the required credentials.

Next Step

Deliver events. For instructions, see Deliver events to a destination.

Configure a Custom HTTPS destination

This section describes how to configure a custom HTTPS destination.

Prerequisites

Make sure you have the following information before you begin:

• Endpoint URL: The secure URL where security events will be sent and stored.
• Basic Auth Credentials: The username and password used in the Authorization header for basic authentication.

To configure a custom HTTPS destination:

1. Verify that your endpoint supports basic authentication.
2. During configuration, click Validate & Save to:
   • Push a sample request to the provided endpoint.
   • Validate write access.
3. The sample request follows this format: {"accessValidation":true}.

Next Step

Deliver events. For instructions, see Deliver events to a destination.

Deliver events to a destination

After creating a destination, you can manually deliver security events to it. This section describes how to deliver events to your configured destination.

Supported security events:

• Dangling CNAMEs

To deliver events to a destination:

1. Navigate to the Security Analytics homepage.
2. From the list of zones, open the Actions menu on the right-hand side of a zone.
3. Select Destination Delivery.
4. Choose a previously created destination, the event type, and the specific security event.
5. Review the event delivery details.
6. Click Deliver to manually send the event to the selected destination.