akamai-security-events
Fetches security events from the Akamai service for a given security configuration.
akamai-security-events [profile=PROFILE] config-id=CONFIG-ID [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [raw=RAW]
- profile=PROFILE
- Akamai connect profile code (optional).
- config-id=CONFIG-ID
- Unique identifier of the security configuration to query (required).
- duration=NUM{mon|w|d|h|m|s}
- Fetch only recent data, counted back from the current time. Units: s (second), m (minute), h (hour), d (day), w (week), mon (month). For example, 10s means events from the last 10 seconds.
- from=yyyyMMddHHmmss
- Start of the time range, in yyyyMMddHHmmss format. If the time part is omitted, it is zero-padded, so 20240315 is read as 20240315000000.
- to=yyyyMMddHHmmss
- End of the time range, in yyyyMMddHHmmss format. If the time part is omitted, it is zero-padded in the same way.
- raw=RAW
- t or f. Specify t to also output the unparsed event in a line field.
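The time-window rules above (duration units including mon, and zero-padding of a partial from/to timestamp) are easy to get wrong when building queries programmatically. The following is an added illustration, not the command's own implementation: it resolves the parameters into a concrete [start, end] window. It assumes that duration= is not combined with from=/to=, that a partial timestamp must stop at a whole field boundary (8, 10, 12 or 14 digits), and that mon means a calendar month with the day clamped to the target month's length; the page does not define those details.

```python
import calendar
import re
from datetime import datetime, timedelta

# Units accepted by duration=. "mon" is listed before "m" so the regex
# alternation does not read "10mon" as "10m" followed by junk.
_DURATION_RE = re.compile(r"^(\d+)(mon|w|d|h|m|s)$")
_FIXED_UNITS = {
    "s": timedelta(seconds=1),
    "m": timedelta(minutes=1),
    "h": timedelta(hours=1),
    "d": timedelta(days=1),
    "w": timedelta(weeks=1),
}


def parse_timestamp(value: str) -> datetime:
    """Parse yyyyMMddHHmmss; an omitted time part is zero-padded on the right.

    Assumption: only whole-field prefixes (yyyyMMdd, yyyyMMddHH, yyyyMMddHHmm,
    yyyyMMddHHmmss) are accepted, so a stray digit cannot silently shift fields.
    """
    if not value.isdigit() or len(value) not in (8, 10, 12, 14):
        raise ValueError(f"bad timestamp {value!r}: expected 8, 10, 12 or 14 digits")
    return datetime.strptime(value.ljust(14, "0"), "%Y%m%d%H%M%S")


def subtract_months(moment: datetime, months: int) -> datetime:
    """Calendar-month subtraction, clamping the day to the target month's length.

    Assumption: the page does not say how 'mon' is measured; a calendar month is
    used here rather than a fixed 30 days.
    """
    total = moment.year * 12 + (moment.month - 1) - months
    year, month0 = divmod(total, 12)
    month = month0 + 1
    last_day = calendar.monthrange(year, month)[1]
    return moment.replace(year=year, month=month, day=min(moment.day, last_day))


def resolve_window(duration=None, from_=None, to=None, now=None):
    """Return (start, end) for the given parameters; None means an open bound.

    Assumption: duration= and from=/to= are treated as mutually exclusive,
    since the page does not define their precedence.
    """
    now = now or datetime.now()
    if duration is not None:
        if from_ is not None or to is not None:
            raise ValueError("duration= cannot be combined with from=/to=")
        m = _DURATION_RE.match(duration)
        if not m:
            raise ValueError(f"bad duration {duration!r}: expected NUM{{mon|w|d|h|m|s}}")
        count, unit = int(m.group(1)), m.group(2)
        start = subtract_months(now, count) if unit == "mon" else now - count * _FIXED_UNITS[unit]
        return start, now
    start = parse_timestamp(from_) if from_ else None
    end = parse_timestamp(to) if to else None
    if start and end and start >= end:
        raise ValueError("from= must be earlier than to=")
    return start, end


if __name__ == "__main__":
    print(resolve_window(duration="1mon", now=parse_timestamp("20240331120000")))
    print(resolve_window(from_="20240301", to="2024031514"))
```

Rejecting from= values that are not earlier than to= matters in practice: an inverted range returns nothing and is easy to mistake for "no attacks in that window".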
Output Fields
Field | Type | Name | Description |
---|---|---|---|
_time | Date | Time | Event time (request start time) |
profile | String | Connect profile | Akamai connect profile code |
config_id | String | Config ID | Security configuration ID |
req_id | String | Request ID | HTTP request identifier |
src_ip | IP address | Source IP | Source IP address |
src_reputation | String | Source reputation | e.g. ID=222.239.104.74;WEBSCRP=10 |
signature | String | Signature | e.g. Scanning Tools (High Threat) |
action | String | Action | e.g. PERMIT, DETECT, BLOCK |
status | Integer | Status | e.g. 200, 403, 404, 500 |
method | String | Method | e.g. GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH, CONNECT, TRACE |
host | String | Host | e.g. acme.com |
dst_port | Integer | Destination port | e.g. 443 |
path | String | Path | e.g. /health/check |
query | String | Query | Query string of the request URL |
sc_bytes | Long | Download bytes | Bytes from server to client |
http_ver | String | HTTP version | e.g. HTTP/1.1 |
tls | String | TLS version | e.g. tls1.3 |
req_headers | String | HTTP request headers | Line separated headers |
resp_headers | String | HTTP response headers | Line separated headers |
policy_id | String | Policy ID | e.g. 0001_256272 |
rules | String | Rules | e.g. SQL-INJECTION-ANOMALY |
rule_data | String | Rule data | e.g. Vector score: 1005, Group Threshold: 9, ... |
rule_actions | String | Rule actions | e.g. monitor, alert, deny |
rule_tags | String | Rule tags | e.g. AKAMAI/BOT/AKAMAI_CATEGORIZED |
rule_selectors | String | Rule selectors | e.g. REQUEST_HEADERS:User-Agent |
rule_versions | String | Rule versions | e.g. 1 |
src_continent | String | Source continent | e.g. EU, NA, AS, SA |
src_country | String | Source country | e.g. IE, US, KR, BR |
src_region | String | Source region | e.g. VA, SP, TX |
src_city | String | Source city | e.g. SEOUL, TOKYO, DUBLIN |
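A common use of these fields is to find attack traffic that a policy only detected rather than blocked, coming from sources Akamai already rates as risky. The following is an added example that is not part of the page or the product: it parses the src_reputation format shown in the table (ID=<ip>;<CATEGORY>=<score>, semicolon-separated key=value pairs, scores assumed numeric) and summarises non-BLOCK events per source IP. The event rows are constructed sample data, and the rule names and IPs in them are illustrative only.

```python
from collections import defaultdict

# Constructed sample rows shaped like the output fields above; the rule names,
# addresses (documentation ranges) and scores are illustrative, not real data.
SAMPLE_EVENTS = [
    {"src_ip": "203.0.113.10", "action": "DETECT", "status": 200,
     "rules": "SQL-INJECTION-ANOMALY", "rule_actions": "alert",
     "src_reputation": "ID=203.0.113.10;WEBSCRP=10"},
    {"src_ip": "203.0.113.10", "action": "DETECT", "status": 200,
     "rules": "XSS-ANOMALY", "rule_actions": "alert",
     "src_reputation": "ID=203.0.113.10;WEBSCRP=10;WEBATCK=7"},
    {"src_ip": "203.0.113.10", "action": "BLOCK", "status": 403,
     "rules": "SQL-INJECTION-ANOMALY", "rule_actions": "deny",
     "src_reputation": "ID=203.0.113.10;WEBSCRP=10"},
    {"src_ip": "198.51.100.7", "action": "PERMIT", "status": 200,
     "rules": "SQL-INJECTION-ANOMALY", "rule_actions": "monitor",
     "src_reputation": "ID=198.51.100.7;WEBATCK=3"},
    {"src_ip": "198.51.100.8", "action": "DETECT", "status": 200,
     "rules": "SQL-INJECTION-ANOMALY", "rule_actions": "alert",
     "src_reputation": ""},
]


def parse_reputation(value: str):
    """Parse 'ID=<ip>;CATEGORY=<score>;...' into (ip, {category: score}).

    Assumption: scores are integers; pairs with a non-numeric value are ignored
    rather than guessed at. An empty string yields (None, {}).
    """
    ip, scores = None, {}
    for part in filter(None, (value or "").split(";")):
        key, _, val = part.partition("=")
        if key == "ID":
            ip = val
        elif val.isdigit():
            scores[key] = int(val)
    return ip, scores


def monitor_only_attackers(events, min_score=5):
    """Summarise events that were NOT blocked but came from a source whose
    highest reputation score is at least min_score.

    Returns a list sorted by event count (descending) of dicts with
    src_ip, count, max_score and the sorted set of rule names seen.
    """
    buckets = defaultdict(lambda: {"count": 0, "max_score": 0, "rules": set()})
    for ev in events:
        if ev.get("action") == "BLOCK":
            continue  # already enforced; we want the detect/permit gaps
        _, scores = parse_reputation(ev.get("src_reputation", ""))
        top = max(scores.values(), default=0)
        if top < min_score:
            continue
        b = buckets[ev["src_ip"]]
        b["count"] += 1
        b["max_score"] = max(b["max_score"], top)
        b["rules"].add(ev.get("rules", ""))
    return sorted(
        ({"src_ip": ip, "count": b["count"], "max_score": b["max_score"],
          "rules": sorted(b["rules"])} for ip, b in buckets.items()),
        key=lambda r: (-r["count"], r["src_ip"]),
    )


if __name__ == "__main__":
    for row in monitor_only_attackers(SAMPLE_EVENTS):
        print(row)
```

The BLOCK row is excluded on purpose: the question this answers is which rules are still running in alert or monitor mode against sources that the reputation feed already scores highly, which is the usual input to deciding whether to move those rules to deny.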