Send Prolexic data to your SIEM solution
In Infrastructure Security Analytics, you can configure your Security Information and Event Management (SIEM) solution as a destination for Prolexic security events. This allows you to monitor and respond to significant events in Prolexic. It also lets your organization receive and visualize critical security events on your preferred SIEM platforms.
You can send data on Prolexic attacks, alerts, and traffic events. The following table describes this data.
| Type of Data | Description |
|---|---|
| Prolexic Attacks | Focuses on triggered attack events. This data includes the time period the event was detected, the event severity, source, first and last seen dates and times, configuration, and IP addresses. |
| Prolexic Alerts | Focuses on triggered flow-based monitoring (FBM) alert events. This data includes Prolexic flow based anomalies that occurred in the selected time period, and other information, such as the severity, source, first and last seen dates and times, configuration, and IP addresses. |
| Prolexic Traffic | Focuses on pre-mitigation traffic flow that's ingested over the Prolexic scrubbing networks across all of your Prolexic security configurations. |
After your SIEM integration is in place, the following workflow occurs for data to reach your SIEM solution:
- A detected spike in Prolexic responses triggers an event.
- The event is sent to your SIEM (for example, Google SecOps).
- You can view and analyze the event on your SIEM dashboard.
Akamai retrieves the most recent Prolexic pre-mitigation traffic, alert, and event data every 30 minutes. Note the following:
- All pre-mitigation traffic that occurred during this 30 minute window is sent to your SIEM.
- If any alerts or events during this 30 minute window, this data is sent to your SIEM.
- All pre-mitigation traffic data is logged in five minute increments.
To learn more about Prolexic events, see Routed Reports.
Benefits
This feature offers the following benefits:
- Real-time notifications. Notifications of events are displayed on the Infrastructure Security Analytics page of Control Center and a message is sent to your SIEM. These real-time notifications allow you to promptly identify and respond to ongoing threats, whether or a not SIEM integration is enabled.
- Dashboard Analysis: With your SIEM solution, you can correlate Prolexic events with other events and data in your network, providing comprehensive threat analysis.
Setup instructions
For instructions on how to set up your SIEM solution as a destination for Prolexic security events, see the instructions for your specific solution.
| Solution | Instructions |
|---|---|
| Google Security Operations (Google SecOps) | Configure Google SecOps as a destination |
| Microsoft Sentinel | Configure Microsoft Sentinel as a destination |
| ServiceNow | Configure ServiceNow as a destination |
| Splunk | Configure Splunk as a destination |
Updated 11 days ago