Unified Log Streamer for any SIEM
Akamai Unified Log Streamer (ULS) is a free-of-charge solution that allows you to stream Akamai MFA authentication event data feeds into your SIEM solution.
With ULS, you can simplify SIEM integrations for different Akamai Secure Enterprise Access products including Enterprise Application Access (EAA) and Akamai MFA.
This tool lets you:
- Perform real-time streaming to SIEMs that provide TCP, UDP, or HTTP(S) ingestion
- Write into files for further processing
- Customize your logs
- Filter out any data you want to discard before sending it to your SIEM
- Run ULS as standalone code (Python), as a ready-to-use Docker container, or use Helm to deploy it to your Kubernetes cluster.
The modular design of ULS allows for out-of-the-box integration with many SIEM solutions, such as Graylog or Splunk.
The ULS tool makes REST API calls to Akamai Enterprise APIs and transports the authentication event data to the customer's SIEM environment, where it can be used for alerting.
ULS is easy to get started with, since no coding or learning of the Enterprise APIs is required. It's also easy to deploy and operate. You can run it as a Docker container or host it standalone in your environment. ULS sends data into any SIEM that supports TCP, UDP, or HTTP ingestion, both on-premises and in the cloud.
To use ULS in your SIEM environment, follow these steps:
- Configure your credentials for Akamai MFA API.
- Clone the binary from the GitHub ULS repository. Host it either as a Docker container or as a standalone binary on a host machine running Linux or macOS (Intel CPU).
Windows OS is not supported.
- Configure any of the different feeds that you want to observe in your SIEM platform and obtain alerts for.
You can find more information about the ULS open-source code in the ULS repository.
For more information about configuring ULS with SIEM platforms like Graylog or Splunk, go to the Akamai SIEM repository.