Skip to content

dsztykman/siem-aka-logstash

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

akamai-siem_template.json

akamai-siem_template.json

 
 

json_siem.conf

json_siem.conf

 
 

siem-aka.py

siem-aka.py

 
 

Repository files navigation

Siem-aka-logstash

Logstash Docker Image for Akamai SIEM connector

To use it create an env file which will contain all the variables required. You should setup the following variables:

# The script writes its state to consul
ENV CONSUL_HOST "consul"
ENV CONSUL_PORT "9500"
ENV CONSUL_SCHEME "http"

# This is the SIEM connector ID that is sent with API calls
ENV CONNECTORID ""

# Edgegrid credentials
ENV EG_CLIENT_TOKEN ""
ENV EG_CLIENT_SECRET ""
ENV EG_ACCESS_TOKEN ""
ENV EG_BASE_URL ""

# Set this to the actual elasticsearch URL if required
ENV ES_URL "elasticsearch:9200"

# Elasticsearch indexes will be created with this prefix
ENV ES_INDEX ""

In this image we're storing the offset information into consul a distributed key value store which allows multiple logstash to fetch data from Akamai

About

Logstash connector for Akamai SIEM

Topics

elasticsearch kibana logstash akamai-open siem

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages