
Akamai Enterprise Threat Protector

Akamai

About

Akamai's Protective DNS service, Enterprise Threat Protector (ETP), is built on the Akamai Intelligent Platform™ and Akamai's AnswerX™ carrier-grade recursive DNS. It proactively identifies and blocks targeted threats such as malware, ransomware, DNS data exfiltration, and phishing.

Product Details

Vendor URL: Akamai

Product Type: Web Gateway

Product Tier: Tier II

Integration Method: API

Integration URL: Akamai ETP

Parser Details

Log Format: JSON

Expected Normalization Rate: near 100%

Data Label: AKAMAI_ETP

UDM Fields (all UDM fields populated by the parser, listed with the log field each one is mapped from):

Log File Field UDM Field
"Akamai" metadata.vendor_name
"ETP" metadata.product_name
l7Protocol metadata.product_event_type
type metadata.product_event_type
sys_host observer.hostname
event.siteName observer.application
"DNS" network.application_protocol
query.uuid network.dns.additional.data
qtype network.dns.answers.type
answers.name network.dns.answers.response
query.dnsip network.dns.authority.name
query.domain network.dns.questions.name
qtype network.dns.questions.type
query.domain target.domain.name
threat.interpreterFileAttrs.path target.file.full_path
threat.interpreterFileAttrs.md5 target.file.md5
threat.interpreterFileAttrs.sha256 target.file.sha256
origin principal.application
data_source principal.application
query.clientIp principal.ip
MAGUID:%{threat.maGuid} principal.asset_id
id principal.resource_id
user principal.user.userid
event.policyId security_result.rule_id
indicator_id security_result.rule_id
event.listName security_result.rule_name
indicator_name security_result.rule_name
event.threatId security_result.threat_id
threat.id security_result.threat_id
event.threatName security_result.threat_name
threat.threatAttrs.name security_result.threat_name
event.actionName security_result.action_details
event.confidenceId security_result.confidence_details
event.severityId security_result.severity_details
event.confidenceName security_result.priority_details
threat.score security_result.confidence_details
threat.severity security_result.severity_details
threat.rank security_result.priority_details
event.severityLevel security_result.severity
severity security_result.severity
catname.name security_result.category_details
threat.threatType security_result.category_details
indicator_category security_result.category_details
Statically defined security_result.category
event.reason security_result.summary
threat.detectionTags security_result.detection_fields
threat.threatAttrs.path security_result.about.file.full_path
threat.threatAttrs.md5 security_result.about.file.md5
threat.threatAttrs.sha256 security_result.about.file.sha256
alexaRanking additional.fields

Product Event Types

Event UDM Event Classification
l7Protocol NETWORK_DNS
DEFAULT GENERIC_EVENT

Log Sample

{"configId":"configidnumber","event":{"actionId":"1","actionName":"Monitor","applicationId":"appidnumber","applicationName":"Google Drive","aupCategories":[{"id":"20","name":"File Sharing"}],"catalogId":"catalogidnumber","categoryId":"20","categoryName":"20","cidr":"","clientAgents":["N/A"],"clientRequestId":"","confidenceId":"-1","confidenceName":"Unknown","correlatedSinkholeEvents":[],"deepScanned":false,"description":"None","detectionTime":"2023-10-24T23:12:24Z","detectionType":"inline","dohAttribution":"","encryptedInternalClientIP":"","encryptedInternalClientName":"","eventType":"aup","internalClientIP":"N/A","listId":"20","listName":"DNS Tunneling","observedAupCategories":[20],"onRamp":"No","onrampType":"dns","policyEvaluationSource":"dns","policyId":"47410","policyName":"Unidentified Location Policy","reason":"Category","riskId":"4","riskName":"Very High","scId":"N/A","scName":"N/A","severityId":0,"severityLevel":"Unclassified","siteId":"-1","siteName":"Unidentified IPs","sublocationId":"-1","sublocationName":"N/A","threatId":2000,"threatName":"AUP","transportType":"dou","trigger":"domain"},"id":"153","l7Protocol":"DNS","query":{"clientIp":"10.10.10.113","deviceId":"N/A","deviceName":"Not Available","deviceOwnerId":"Not Available","dnsIp":"10.10.10.52","domain":"sampledomain@sample.com.","queryType":"HTTPS","resolved":[{"asn":"N/A","asname":"N/A","response":"N/A","type":"N/A"}],"time":"2023-10-24T23:12:24Z","uuid":"10.10.10.52-10.10.10.20-1698189144-8983-26834"}}

Sample Parsing

metadata.event_timestamp = "1698189144"
metadata.event_type = "NETWORK_DNS"
metadata.vendor_name = "Akamai"
metadata.product_name = "ETP"
metadata.product_event_type = "DNS"
principal.ip = "10.10.10.113"
target.domain.name = "sampledomain@sample.com"
observer.application = "Unidentified IPs"
security_result.category_details = "File Sharing"
security_result.threat_name = "AUP"
security_result.rule_id = "47410"
security_result.rule_name = "DNS Tunneling"
security_result.summary = "Category"
security_result.action_details = "Monitor"
security_result.severity_details = "0"
security_result.confidence_details = "-1"
security_result.priority_details = "Unknown"
security_result.threat_id = "2000"
network.application_protocol = "DNS"
network.dns.questions.name = "sampledomain@sample.com"
network.dns.answers.name = "N/A"
network.dns.authority.name = "10.10.10.52"
network.dns.additional.data = "10.10.10.52-10.10.10.20-1698189144-8983-26834"