SIEM settings
akamai_appsec_siem_settings
Update or delete Security Information and Event Management (SIEM) settings for a given security configuration. To delete a set of settings, run terraform destroy.
resource "akamai_appsec_siem_settings" "my_siem_settings" {
config_id = 12345
enable_siem = true
enable_for_all_policies = false
siem_id = 1
security_policy_ids = ["siem_123456"]
exceptions {
rate = ["alert"]
}
}
Arguments
Pass each of the required items to set SIEM enablement status for your security configuration. Use the exceptions argument to manage any attack type exclusions.
| Argument | Required | Description |
|---|---|---|
config_id |
✔️ | Your security configuration's ID |
enable_siem |
✔️ | Whether to enable SIEM settings in the given security configuration. |
enable_for_all_policies |
✔️ | Whether your SIEM settings apply to all security policies. If you set this to false, list the security policies to cover in the security_policy_ids argument. |
siem_id |
✔️ | SIEM settings definition version. Value is 1. |
security_policy_ids |
Conditionally required: A JSON list of security policy IDs on which to enable your settings. |
|
enable_botman_siem |
Whether to include Bot Manager events in your SIEM events.Important: While optional, use of this argument causes drift. Use with care. |
|
include_ja4_fingerprint_to_siem |
Whether to include JA4 Fingerprint in SIEM events. | |
exceptions |
A list of attack exceptions to ignore in your SIEM settings. For each attack exception you include, provide a Available
Possible actions: To exclude all actions, pass a value of
|
Attributes
There is no default standard output for this resource. Updates are reflected in your state file.
Updated 25 days ago