Mitigate Security Threats with SIEM
•
1 j'aime•275 vues
Fine-tune your security strategy. Learn more: http://developer.akamai.com/blog/2020/07/28/mitigate-security-threats-siem
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Mitigate Security Threats with SIEM
Similaire à Mitigate Security Threats with SIEM (20)
Plus de Akamai Developers & Admins
Plus de Akamai Developers & Admins (20)
Dernier
Dernier (20)
Mitigate Security Threats with SIEM
- 1. © 2020 Akamai1 Fine-tune your security strategy. Mitigate Security Threats with SIEM
- 3. © 2020 Akamai3 Agenda Introduction to SIEM1 Demos3 Q&A - Ask us anything in the Q&A widget4 Akamai SIEM Integration2
- 4. © 2020 Akamai4 Speaker Mike Elissen Developer Advocate Akamai Technologies Ajay Mishra Director of Security Technology and Strategy Akamai Technologies
- 5. © 2020 Akamai5 Why SIEM? DevSecOps | Security Information and Event Management Ask us a question in the Q&A widget! Investigate threatsDetect threats Mitigate threats
- 6. © 2020 Akamai6 Akamai SIEM Integration DevSecOps | Security Information and Event Management Ask us a question in the Q&A widget!
- 7. © 2020 Akamai7 Akamai SIEM Integration DevSecOps | Security Information and Event Management Ask us a question in the Q&A widget! Akamai Edge Security Akamai Security Events Collector Connector Your SIEM 1 Security events generated in JSON format Pull request Pull response Push to SIEM Splunk CEF Syslog SIEM API SIEM CEF 3 2 4
- 8. © 2020 Akamai8 Akamai SIEM Integration DevSecOps | Security Information and Event Management Ask us a question in the Q&A widget! { "type": "akamai_siem", "format": "json", "version": "1.0", "attackData": { "configId": "31987", "policyId": "dac2_63124", "clientIP": "66.249.82.189", "rules": "MzkwMDAwMA%3d%3d%3bMzkwMDAwNg%3d%3d%3bMzkwMDAxMg%3d%3d%3bMzkwMDAxMw%3d%3d%3bQk9ULUFOT01BTFktSEVBREVS%3b", "ruleVersions": "MQ%3d%3d%3bMQ%3d%3d%3bMQ%3d%3d%3bMQ%3d%3d%3bMQ%3d%3d%3b", "ruleMessages": "TWlzc2luZyBBY2NlcHQtTGFuZ3VhZ2UgSGVhZGVy%3bTWlzc2luZyBDb29raWUgSGVhZGVy%3bQ29tZXMgZnJvbSBhIFByb3h5%3bT3JpZ2luYXRlcyBmcm9tIENsb3VkIElhYVMg UHJvdmlkZXIgTmV0d29yaw%3d%3d%3bVW5rbm93biBCb3RzIChSZXF1ZXN0IEFub21hbHkp%3b", "ruleTags": "QUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3bQUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3bQUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3bQUtB TUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3bQUtBTUFJL0JPVC9VTktOT1dOX0JPVA%3d%3d%3b", "ruleData": "%3b%3b%3bUmVxdWVzdCBmcm9tIENsb3VkIElhYVMsIEFTTlVNIDkzMDQ%3d%3bQm90X0EzOTNFQjVBNDRCRjk4OUREOEJDQjdGNDE4QUM0MTE4%3b", "ruleSelectors": "UkVRVUVTVF9IRUFERVJTOlVzZXItQWdlbnQ%3d%3bJlJFUVVFU1RfSEVBREVSUzpDb29raWU%3d%3b%3b%3b%3b", "ruleActions": "bW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3b", "apiId": "API_369224",
- 9. © 2020 Akamai9 Demo and Use Cases 1. How to configure SIEM Integration 2. Connect SIEM with Splunk 3. Launch a credential abuse attack 4. Capture events in Splunk Ask us a question in the Q&A widget! { "type": "akamai_siem", "format": "json", "version": "1.0", "attackData": { "configId": "31987", "policyId": "dac2_63124", "clientIP": "66.249.82.189", "rules": "MzkwMDAwMA%3d%3d%3bMzkwMDAwNg%3d%3d%3bMzkwMDAxMg%3d%3d%3bMzkwMDAxMw%3d%3d%3b Qk9ULUFOT01BTFktSEVBREVS%3b", "ruleVersions": "MQ%3d%3d%3bMQ%3d%3d%3bMQ%3d%3d%3bMQ%3d%3d%3bMQ%3d%3d%3b", "ruleMessages": "TWlzc2luZyBBY2NlcHQtTGFuZ3VhZ2UgSGVhZGVy%3bTWlzc2luZyBDb29raWUgSGVhZGVy%3bQ29tZXMgZnJvb SBhIFByb3h5%3bT3JpZ2luYXRlcyBmcm9tIENsb3VkIElhYVMgUHJvdmlkZXIgTmV0d29yaw%3d%3d%3bVW5rbm93 biBCb3RzIChSZXF1ZXN0IEFub21hbHkp%3b", "ruleTags": "QUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3bQUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3 bQUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3bQUtBTUFJL0JPVC9SRVFVRVNUX0FOT01BTFk%3d%3 bQUtBTUFJL0JPVC9VTktOT1dOX0JPVA%3d%3d%3b", "ruleData": "%3b%3b%3bUmVxdWVzdCBmcm9tIENsb3VkIElhYVMsIEFTTlVNIDkzMDQ%3d%3bQm90X0EzOTNFQjVBNDRCRj k4OUREOEJDQjdGNDE4QUM0MTE4%3b", "ruleSelectors": "UkVRVUVTVF9IRUFERVJTOlVzZXItQWdlbnQ%3d%3bJlJFUVVFU1RfSEVBREVSUzpDb29raWU%3d%3b%3b%3b %3b", "ruleActions": "bW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3bbW9uaXRvcg%3d%3d%3bbW9ua XRvcg%3d%3d%3b", "apiId": "API_369224",
- 10. © 2020 Akamai10 Credential Stuffing Attack PHP Login Page with Akamai Bot Manager in ALERT mode Ask us a question in the Q&A widget! Akamai Edge Security PHP Login Page Connector Splunk 1 Bot Manager in ALERT mode Push to SIEM SIEM2
- 11. © 2020 Akamai11 Best Practices 1 2 Verify requirements with Splunk No available connector? Use the SIEM API 3 Keep your security configuration up-to-date
- 12. © 2020 Akamai12 Summary Visit Akamai Docs developer.akamai.com Let’s Recap Webinar Resources