Question

Best pattern for ingesting Akamai WAF logs (DataStream vs. SIEM API) - looking for full request details

  • November 20, 2025
  • 3 replies
  • 57 views


Hi everyone,

I am looking for advice on the best architecture for ingesting Akamai WAF logs into Google SecOps. We are currently trying to find another way rather than using Bindplane.

We are checking with Akamai DataStream 2, but we are running into a visibility issue. The streams seem to be metrics-heavy, and when we look at the WAF data we are primarily seeing the "Rule Trigger" (just the Rule ID and Action, e.g. "securityRules": "ULnR_28976|3900000:3900001:3900005:3900006:BOT-ANOMALY-HEADER|").

In that case, we are missing the deeper forensic context we need for analysis, such as:

  • Payloads / Post Body details

  • The specific logic that caused the match

So I have some questions: 

  1. Is DataStream the wrong tool for this? Is it possible to configure DataStream 2 to include full request details, or is it strictly for high-level metrics and simple triggers?

  2. SIEM Integration API: Is the "Akamai SIEM Integration" (the Pull API) considered the standard for getting the full verbose security events? If so, does anyone have a recommended way to pull these reliably without Bindplane?

  3. LDS (Log Delivery Service): Is anyone using standard LDS for WAF analysis, or is the latency (non-real-time) too high for security operations?

I’m looking for the "gold standard" to get full raw WAF logs out of Akamai without using a middle-man agent like Bindplane.

Thanks!

3 replies

kentphelps
Staff
  • December 1, 2025

Why are you trying to avoid using Bindplane?  Bindplane is the recommended ingestion platform for SecOps.  Licensing for Bindplane Enterprise (Google Version) is included with SecOps.  


AlbakerPearson

I’m using Bindplane to bring these logs in. I would say that trimming them down is my next goal. The stability of the tool from Akamai makes me want to revert to DataStream exports to control and reduce data being pulled and then sent to Google SecOps.


kentphelps
Staff
  • December 9, 2025

Bindplane has more filtering features than the Akamai Datastream.  You can selectively remove large or sensitive fields (e.g., large request bodies, complex internal Akamai variables, PII) after the logs are pulled from the source.  You can also exclude logs before they are sent to SecOps based on field values (e.g., exclude all logs where http_status_code is 200, or where client_ip is internal).  Take a look here for more details:
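A worked illustration of the kind of pre-forwarding filtering and field trimming this reply describes, as added example code that is not part of this thread and not Bindplane's own configuration: it takes constructed JSON lines in the general shape of DataStream 2 output (only "securityRules" mirrors the value quoted in the question; statusCode, cliIP, reqPath and requestBody are assumed field names), drops records whose status is 200 or whose client IP is in an RFC 1918 range, strips the request body while keeping its length as a forensic hint, truncates oversized fields, and splits the securityRules value into a policy id and rule ids (treating the first pipe-delimited segment as the policy and the second as colon-separated rule ids is an assumption).

```python
import ipaddress
import json

# Constructed sample log lines in the general shape of Akamai DataStream 2 JSON output.
# Only "securityRules" mirrors the value quoted in the question; the other field names
# (statusCode, cliIP, reqPath, requestBody) are assumptions for this example.
SAMPLE_LINES = [
    json.dumps({"reqTimeSec": "1732060800", "cliIP": "203.0.113.7", "statusCode": "403",
                "reqPath": "/login",
                "securityRules": "ULnR_28976|3900000:3900001:3900005:3900006:BOT-ANOMALY-HEADER|",
                "requestBody": "q=" + "A" * 3000}),
    json.dumps({"reqTimeSec": "1732060801", "cliIP": "198.51.100.9", "statusCode": "200",
                "reqPath": "/", "securityRules": ""}),
    json.dumps({"reqTimeSec": "1732060802", "cliIP": "10.20.30.40", "statusCode": "403",
                "reqPath": "/admin", "securityRules": "ULnR_28976|3900010|"}),
]

# Internal ranges and exclusion rules mirror the examples in the reply above.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DROP_STATUS = {"200"}
SENSITIVE_FIELDS = ("requestBody",)   # dropped before forwarding
MAX_FIELD_LEN = 256                   # longer string fields are truncated


def parse_security_rules(value):
    """Split the securityRules string into policy id and rule ids.

    The question's sample reads "<policy>|<rule>:<rule>:...|"; reading the first
    segment as the policy and the second as rule ids is an assumption here.
    """
    if not value:
        return {"policy": None, "rules": []}
    segments = value.split("|")
    policy = segments[0] or None
    rules = [r for r in segments[1].split(":") if r] if len(segments) > 1 else []
    return {"policy": policy, "rules": rules}


def is_internal(ip_text):
    """True when the address parses and falls inside one of INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def should_forward(record):
    """Exclude benign 200s and internal-client traffic before it reaches the SIEM."""
    if record.get("statusCode") in DROP_STATUS:
        return False
    if is_internal(record.get("cliIP", "")):
        return False
    return True


def redact(record):
    """Drop sensitive fields (keeping their size) and truncate oversized strings."""
    out = {}
    for key, val in record.items():
        if key in SENSITIVE_FIELDS:
            out[key + "_len"] = len(val)  # size survives, content does not
            continue
        if isinstance(val, str) and len(val) > MAX_FIELD_LEN:
            val = val[:MAX_FIELD_LEN] + "...[truncated]"
        out[key] = val
    return out


def process(lines):
    """Filter, redact and enrich raw JSON lines; returns records ready to forward."""
    forwarded = []
    for line in lines:
        record = json.loads(line)
        if not should_forward(record):
            continue
        record = redact(record)
        record["waf"] = parse_security_rules(record.get("securityRules", ""))
        forwarded.append(record)
    return forwarded


if __name__ == "__main__":
    for rec in process(SAMPLE_LINES):
        print(json.dumps(rec, indent=2))
```

Of the three constructed lines only the first survives: the second is a 200 and the third comes from 10.20.30.40. Its request body is replaced by a length field, and the parsed rule list makes the trigger searchable per rule id rather than as one opaque string.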