Akamai WAF Log Enablement And Extraction Guide

Enable Logging

1. Enable SIEM Integration in the Akamai security configuration used by App & API Protector, Kona Site Defender, Web Application Protector, or the relevant Akamai WAF service.
2. Assign a service account or user with the required SIEM management role so credentials can be provisioned for collection.
3. Define any event filtering needed so the exported feed focuses on the security configurations and policies that matter for aiFObserve analysis.

Extract or Export the Logs

4. Use Akamai's SIEM API or one of Akamai's supported connectors to retrieve security events in near real time.
5. If you are building your own collector, use the SIEM Open API and persist the returned JSON events to files that aiFObserve can access.
6. Export events in bounded batches and retain your offset because Akamai documents approximately 12 hours of retention in the collector for missed-event replay.

Important Fields to Preserve

• Security Configuration ID
• Policy / Rule
• Action
• Client IP
• Host
• Request Path
• User Agent
• Timestamp
• Event Category