Customers want to access, analyze and process their security events to build reports and dashboards, or even to get real-time insights and act on them quickly.
What if we could provide an easier and robust way to collect this data?
That's what you'll get here!
This application provides a reliable and scalable way to collect Akamai Security Events (WAF, DDoS, BOT, etc.) and easily store them in analytics platforms.
If you want to collaborate on this project, reach out to us by e-mail.
You can also fork and customize this project yourself, since it's open source. Follow the requirements below to set up your build environment.
NodeJS 20.x or later with npm
JDK 17 or later
Docker 24.x or later
Any Linux distribution with Kernel 5.x or later
or macOS - Catalina or later
or MS-Windows 10 or later with WSL2
Dedicated machine with at least 4 CPU cores and 8 GB of RAM
Just execute the shell script build.sh to start the building process. Execute package.sh to start the packaging, and execute publish.sh to publish the built packages in the repository.
The following variables must be set in your build environment file, which is located in iac/.env.
DOCKER_REGISTRY_URL: Defines the Docker Registry Repository URL used to build and store the container images. For example, to use Docker Hub, the value will be docker.io. To use GitHub Packages, the value will be ghcr.io. Please check the instructions of your Docker Registry repository.
DOCKER_REGISTRY_ID: Defines the Docker Registry Repository Identifier. Usually it's the username, but check the instructions of your Docker Registry repository.
BUILD_VERSION: Defines the version of the container images.
IDENTIFIER: Defines the identifier (prefix) of the container images.
The following environment variable must be set in your operating system.
DOCKER_REGISTRY_PASSWORD: Defines the Docker Registry Repository Password.
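A pre-flight check for the build settings listed above, added here as an example; it is not part of the project's own scripts. It assumes iac/.env holds plain KEY=value lines (an assumption about the file format), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. Assumes the env file uses KEY=value lines.
# Call: check_build_env [path-to-env-file]   (defaults to iac/.env)

REQUIRED_VARS="DOCKER_REGISTRY_URL DOCKER_REGISTRY_ID BUILD_VERSION IDENTIFIER"

# Print the value assigned to a key in an env file (last assignment wins).
# Commented-out lines do not match; surrounding quotes are dropped.
env_file_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Return 0 when the build environment is complete, 1 when a setting is
# missing or the password is misplaced, 2 when the file cannot be read.
check_build_env() {
    _file=${1:-iac/.env}
    _rc=0
    if [ ! -r "$_file" ]; then
        echo "missing or unreadable: $_file" >&2
        return 2
    fi
    for _key in $REQUIRED_VARS; do
        if [ -z "$(env_file_get "$_file" "$_key")" ]; then
            echo "not set in $_file: $_key" >&2
            _rc=1
        fi
    done
    # The registry password is expected in the process environment only.
    # A copy inside the file can end up in commits, backups or image layers.
    if grep -q '^DOCKER_REGISTRY_PASSWORD=' "$_file"; then
        echo "DOCKER_REGISTRY_PASSWORD should not be stored in $_file" >&2
        _rc=1
    fi
    if [ -z "${DOCKER_REGISTRY_PASSWORD:-}" ]; then
        echo "DOCKER_REGISTRY_PASSWORD is not set in the environment" >&2
        _rc=1
    fi
    return $_rc
}
```

Source the file and run check_build_env before build.sh; a non-zero status means the build or publish step would fail or would rely on a password kept on disk.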
dialog 1.3.x or later
curl 8.5.x or later
jq 1.7.x or later
terraform 1.5.x or later
kubectl 1.29.x or later
Any Linux distribution with Kernel 5.x or later
or macOS - Catalina or later
or MS-Windows 10 or later with WSL2
To start the setup, you just need to execute the script setup.sh and follow the instructions.
Just execute the shell script deploy.sh (after the setup) to start the provisioning, and execute undeploy.sh for de-provisioning.
After the provisioning is complete, just execute the following commands:
export KUBECONFIG=iac/.kubeconfig
to specify how you'll connect to the Akamai Connected Cloud LKE cluster.
kubectl get nodes -o wide
to list the LKE cluster nodes.
kubectl get pods -n akamai-siem-connector -o wide
to get the details of the stack pods.
To access the stack UI (after all pods have started), get the hostname by executing the command:
kubectl get service ingress -n akamai-siem-connector -o json | jq -r ".status.loadBalancer.ingress[0].hostname"
Then just open your browser and type the URL: [http|https]://<hostname> and the login prompt will appear.
To access the administration UI, just open your browser and type the URL: [http|https]://<hostname>:[9000|9443] and the login prompt will appear.
Follow this diagram to check out the architecture.
If you want to customize the stack by yourself, just edit the following files in the iac directory:
main.tf: Defines the required provisioning providers.
variables.tf: Defines the provisioning variables.
linode.tf: Defines the provisioning settings of Akamai Connected Cloud.
lke.tf: Defines the provisioning of the LKE cluster.
lke-stack-storages.yml: Defines how the stack storages (Block Storage) will be deployed in the Akamai Connected Cloud.
lke-stack-deployments.yml: Defines how the stack deployments (pods) will be deployed in the Akamai Connected Cloud.
lke-stack-services.yml: Defines how the stack services (ingress and stack services) will be deployed in the Akamai Connected Cloud.
auth0.tf: Defines the provisioning of the auth0.com settings.
docker-compose.yml: Defines how the stack will be built.
And that's it! Have fun!