Introduction to SIEM event delivery (legacy customers only)
The content on this page deals with a legacy feature of the Akamai Identity Cloud. If you are currently an Identity Cloud customer and are using SIEM event delivery, that feature is still supported. However, if you’re new to the Identity Cloud, SIEM event delivery is no longer available.
The world is a busy place, and the Akamai Identity Cloud is no exception. New users come to your website and create accounts. Existing users come back to your website and log on. Users change their addresses and forget their passwords; support personnel create new entity type schemas and modify existing entity type schemas. As an Identity Cloud administrator, the list of event types that might be of interest to you goes on and on.
Anytime one of these events occurs, the Akamai Identity Cloud tracks what happened, and when (and where and …). In turn, this information is stored in an events database, a tool that Akamai uses to do such things as help monitor performance and trends, help spot potential security issues, and help plan for future improvements to the product.
That’s great for Akamai, but what about Akamai customers? Well, the good news is that a subset of these events has always been made available to Identity Cloud subscribers. The not-so-good news? As a general rule, accessing these events hasn’t always been easy (especially if you were interested in getting a copy of the raw data). Likewise, describing the events made available to customers as a “subset of events” has been very apt: organizations have only been given access to a handful of events, most of which involved user logins and registrations. There’s nothing wrong with that: user logins and registrations are events organizations need to know about. At the same time, however, administrators are interested in more than just user logins and registrations. For better or worse, getting a handle on everything that takes place in the Identity Cloud – all the API clients that were created or deleted, all the entity types that were purged, all the access tokens that were granted – hasn’t always been easy.
To say the least.
Fortunately, and thanks to the new General Event Delivery service, those two problems – a lack of event types and difficulty accessing those events – are largely a thing of the past. For one thing, the General Event Delivery service will soon triple the number of events available to organizations, with even more event types on the way. On top of that, there are several different ways to access this event information, starting with the subject of this documentation: SIEM Event Delivery.
Before you ask, SIEM (pronounced “sim”) is short for Security Information and Event Management, and is a recognized standard for aggregating, and analyzing, events within an IT organization. For more information, see the article SIEM event details.