I am trying to work out how to get Akamai Log Stream of events into SecOps and have some option to Filter out events along the way.
Akamai have provided a recipe to get to GCP Cloud Storage, but not one to get the SecOps.
I see many other of the big names.
Does anyone have any hints on options.
<URL Removed by Staff>
Question
How to Onboard data Streamed to GCP cloud storage, can transformed and sent into SecOps?
+1
+11There are a couple of docs that discuss ingestion of Akamai:
- https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-waf?hl=en
- https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-dns?hl=en
And this doc discusses how to set up feeds from GCS:
https://cloud.google.com/chronicle/docs/administration/feed-management
+1There are a couple of docs that discuss ingestion of Akamai:
- https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-waf?hl=en
- https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-dns?hl=en
And this doc discusses how to set up feeds from GCS:
https://cloud.google.com/chronicle/docs/administration/feed-management
Thank you for the reply I was hoping someone had tried it and engineered it as a direct feed. I have got it working using a AKAMAI -> AWS S3 -> SecOps, but found it expensive to operate. So I was hoping to go direct and tune out unwanted data from AKAMAI events sent AKAMAI -> SecOps.
+1There are a couple of docs that discuss ingestion of Akamai:
- https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-waf?hl=en
- https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-dns?hl=en
And this doc discusses how to set up feeds from GCS:
https://cloud.google.com/chronicle/docs/administration/feed-management
Hello I can see that docs is now recommending a Bindplane architecture, do you think that previous method with Datastream and Cloud Storage still work?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.