SIEM settings

akamai_appsec_siem_settings

Update or delete Security Information and Event Management (SIEM) settings for a given security configuration. To delete a set of settings, run terraform destroy.

resource "akamai_appsec_siem_settings" "my_siem_settings" {
  config_id               = 12345
  enable_siem             = true
  enable_for_all_policies = false
  siem_id                 = 1
  security_policy_ids     = ["siem_123456"]
  exceptions {
    rate = ["alert"]
  }
}

Arguments

Pass each of the required items to set SIEM enablement status for your security configuration. Use the exceptions argument to manage any attack type exclusions.

Argument	Required	Description
`config_id`	✔️	Your security configuration's ID
`enable_siem`	✔️	Whether to enable SIEM settings in the given security configuration.
`enable_for_all_policies`	✔️	Whether your SIEM settings apply to all security policies. If you set this to `false`, list the security policies to cover in the `security_policy_ids` argument.
`siem_id`	✔️	SIEM settings definition version. Value is `1`.
`security_policy_ids`		Conditionally required: `enable_for_all_policies` is set to `false`. A JSON list of security policy IDs on which to enable your settings.
`enable_botman_siem`		Whether to include Bot Manager events in your SIEM events.
`exceptions`		A list of attack exceptions to ignore in your SIEM settings. For each attack exception you include, provide a `protection` argument with a value of an action type to ignore, `protection = ["action"]`. Available `protection` types: `ip_geo` `rate` `url_protection` `slow_post` `custom_rules` `waf` `api_request_constraints` `client_rep` `malware_protection` `bot_management` `apr_protection` Possible actions: To exclude all actions, pass a value of `*`. `alert` `deny` `all_custom` `abort` `allow` `delay` `ignore` `monitor` `slow` `tarpit`

Attributes

There is no default standard output for this resource. Updates are reflected in your state file.

Updated 3 months ago