The content on this page deals with a legacy feature of the Akamai Identity Cloud. If you are currently an Identity Cloud customer and are using SIEM event delivery, that feature is still supported. However, if you’re new to the Identity Cloud, SIEM event delivery is no longer available.

Security Event and Information Management (SIEM) is a recognized standard for collecting, aggregating, and analyzing events that take place on a website or within an app. Identity Cloud’s SIEM event delivery service can inform you, in near real-time, each time a specified event occurs. See Identity Cloud SIEM events for more information on the events available to the SIEM event service.

To name just one example, SIEM can send a notification each time a user tries, and fails, to log in. A handful of failed logins is to be expected. On the other hand, a sudden flurry of failed logins might be cause for alarm. For example, that sudden flurry can indicate anything from network congestion to a problem with your sign-in process to an Internet attack of some kind. Regardless, SIEM alerts you to the problem, giving you the opportunity to respond as, and when, needed.
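The distinction drawn above between a handful of failed logins and a sudden flurry can be expressed as a sliding-window check over delivered events. The following is an added example, not Akamai code: the JSON-lines record layout, the `time` and `type` field names, and the `loginFailed` event type name are assumptions, and the window and threshold values are illustrative.

```python
import json
from collections import deque
from datetime import datetime, timedelta

# Assumed (hypothetical) event type name; substitute the one your events use.
FAILED_LOGIN = "loginFailed"

# Constructed sample: scattered failures, one success, one malformed line,
# then six failures inside a single minute.
SAMPLE = [
    '{"time": "2024-01-01T09:05:00+00:00", "type": "loginFailed"}',
    '{"time": "2024-01-01T09:20:00+00:00", "type": "loginSucceeded"}',
    '{"time": "2024-01-01T09:47:00+00:00", "type": "loginFailed"}',
    'not json',
] + ['{"time": "2024-01-01T10:00:%02d+00:00", "type": "loginFailed"}' % s
     for s in range(0, 60, 10)]

def parse_events(lines):
    """Yield (timestamp, event_type) pairs, skipping malformed records."""
    for line in lines:
        try:
            rec = json.loads(line)
            yield datetime.fromisoformat(rec["time"]), rec["type"]
        except (ValueError, KeyError, TypeError):
            continue

def find_bursts(lines, window=timedelta(minutes=1), threshold=5):
    """Return (start, end, peak) for each period in which at least
    `threshold` failed logins fall inside one sliding window."""
    recent = deque()   # failed-login timestamps still inside the window
    bursts, current = [], None
    for ts, etype in sorted(parse_events(lines)):
        if etype != FAILED_LOGIN:
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            if current is None:
                current = [recent[0], ts, len(recent)]
            else:
                current[1] = ts
                current[2] = max(current[2], len(recent))
        elif current is not None:
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts

if __name__ == "__main__":
    for start, end, peak in find_bursts(SAMPLE):
        print(f"burst {start.isoformat()} to {end.isoformat()}, peak {peak} per window")
```

The two isolated failures earlier in the sample never reach the threshold, so only the 10:00 cluster is reported.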

To a certain extent, working with SIEM falls outside the purview of the SIEM event delivery service API. For example, SIEM events are delivered to an Amazon Web Services S3 bucket. However, the SIEM event delivery service API can’t be used to retrieve those events, nor can it be used to import those events into a SIEM analysis tool such as Splunk or IBM QRadar.

However, the SIEM API does enable you to:

  • Activate and deactivate the service. Event notifications are only sent – and are only maintained – when the service is active.

  • Manage the SIEM event blocklist. SIEM notifications aren't sent for any of the event types listed on the blocklist. For example, if entityDeleted is on the blocklist then you won’t receive a notification any time a user profile is deleted. Use the APIs to add event types to, and remove event types from, the blocklist.

  • Manage your SIEM event delivery service public keys. These keys provide access to the Amazon S3 bucket.

Click the link to download the Identity Cloud REST API Postman collection.