Skip to content

dsztykman/siem-aka-logstash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
akamai-siem_template.json
akamai-siem_template.json
 
 
json_siem.conf
json_siem.conf
 
 
siem-aka.py
siem-aka.py
 
 

Repository files navigation

Siem-aka-logstash

Logstash Docker Image for Akamai SIEM connector

To use it create an env file which will contain all the variables required. You should setup the following variables:

# The script writes its state to consul
ENV CONSUL_HOST "consul"
ENV CONSUL_PORT "9500"
ENV CONSUL_SCHEME "http"

# This is the SIEM connector ID that is sent with API calls
ENV CONNECTORID ""

# Edgegrid credentials
ENV EG_CLIENT_TOKEN ""
ENV EG_CLIENT_SECRET ""
ENV EG_ACCESS_TOKEN ""
ENV EG_BASE_URL ""

# Set this to the actual elasticsearch URL if required
ENV ES_URL "elasticsearch:9200"

# Elasticsearch indexes will be created with this prefix
ENV ES_INDEX ""

In this image we're storing the offset information into consul a distributed key value store which allows multiple logstash to fetch data from Akamai

About

Logstash connector for Akamai SIEM

Topics

elasticsearch kibana logstash akamai-open siem

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages