Akamai Secure Internet Access Enterprise Reporting
App Vendor: Akamai
App Category: Data Enrichment & Threat Intelligence
Connector Version: 2.1.0
API Version: v3
About App
The Akamai Secure Internet Access Enterprise Reporting connector lets you access and analyze reports for DNS activity, network traffic connections, security connector events, and threat events.
The Akamai Secure Internet Access Enterprise Reporting app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Get AUP Event Details | This action lists the acceptable use policy (AUP) events for a given time period. |
Get Changed IOC Details | This action retrieves the historical changes for the specified record and record type. |
Get IOC Details | This action retrieves the IOC details. |
Get IOC Domain Tree Report | This action lists the blocklisted domains from the specified record. If no domains are found, it returns an empty list. |
List Threat Details | This action retrieves the threat details. |
Generic Action | This is a generic action used to make requests to any Akamai Secure Internet Access Enterprise Reporting endpoint. |
Configuration Parameters
The following configuration parameters are required for the Akamai Secure Internet Access Enterprise Reporting app to communicate with the Akamai Secure Internet Access Enterprise Reporting enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL to connect with the Akamai Secure Internet Access Enterprise Reporting API. Example: https://api.sample.com | Text | Required | |
Client Token | Enter the client token to authenticate with the Akamai Secure Internet Access Enterprise Reporting API. Example: akab-nomoflavjuc4422-fa2xznerxrm3teg7 | Password | Required | |
Client Secret | Enter the client secret for authentication. | Password | Required | |
Access Token | Enter the access token to access Akamai Secure Internet Access Enterprise Reporting API. | Password | Required | |
Verify | Choose whether to verify the SSL/TLS certificate while making requests. It is recommended to set this option to yes. Setting it to no skips certificate validation, so the connection may be established with a host whose identity has not been confirmed. | Boolean | Optional | By default, verification is disabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Akamai Secure Internet Access Enterprise Reporting. | Integer | Optional | Allowed range: 15-120. Default value: 15 |
Action: Get AUP Event Details
This action lists the AUP events for a given time period.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Config ID | Enter the configuration ID. Example: 100 | Integer | Required | |
Order By | Enter the order to sort the response. | Text | Optional | Allowed values: |
Start Time | Enter the start time (in epoch) from which you want to retrieve the report. Example: 1333631700 | Integer | Required | |
End Time | Enter the end time (in epoch) until which you want to retrieve the report. Example: 2443631700 | Integer | Required | |
Account Switch Key | Enter the account switch key to perform this action from a different account. Example: 1-5C0YLB:1-8BYUX | Text | Optional | For more information, see Secure Internet Access Enterprise Reporting API Documentation. |
Additional Data | Enter any additional details while listing threat details. Example: 'filters': { 'action': { 'in': ['test'] }} | Key Value | Optional | |
Filters | Enter the filters to narrow down the response. Example: $JSON[{"domain":{"in":["dentamedical.200o.ir."]}}] | Any | Optional | Allowed keys: applicationId, category, clientRequestId, deviceId, deviceOwnerId, devicePostureRisk, dlpDictionaryId, dlpFileHash, dlpPatternId, domain, encryptedInternalClientIP, encryptedInternalClientName, encryptedUserId, encryptedUserName, fileType, group, isAlert, l7Protocol, matchedGroups, onRampType, operationId, policy, reason, riskId, site, sublocationId |
Action: Get Changed IOC Details
This action retrieves the historical changes for the specified record and record type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Record | Enter the record from which you want to retrieve the report. Example: sampledomain.com | Text | Required | |
Start Time | Enter the start time (in epoch) from which you want to retrieve the report. Example: 1333631700 | Integer | Required | |
Record Type | Enter the type of record you want to retrieve the report from. | Text | Required | Allowed values: |
End Time | Enter the end time (in epoch) until which you want to retrieve the report. Example: 2443631700 | Integer | Required | |
Account Switch Key | Enter the account switch key to perform this action from a different account. Example: 1-5C0YLB:1-8BYUX | Text | Optional | For more information, see Secure Internet Access Enterprise Reporting API Documentation. |
Action: Get IOC Details
This action retrieves the IOC details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Record Type | Enter the type of record from which you want to retrieve the details. | Text | Required | Allowed values: |
Record | Enter the record from which you want to retrieve the details. Example: sampledomain.com | Text | Required | |
Include Changes | Enter true to include an array of IOC changes in the response. | Boolean | Optional | Default value: true |
Get IOC AUP Details | Enter true to retrieve IOC AUP details in the response. | Boolean | Optional | Default value: false |
Account Switch Key | Enter the account switch key to perform this action from a different account. Example: 1-5C0YLB:1-8BYUX | Text | Optional | For more information, see Secure Internet Access Enterprise Reporting API Documentation. |
Action: Get IOC Domain Tree Report
This action lists the blocklisted domains from the specified record. If no domains are found, it returns an empty list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Record Type | Enter the type of record you want to retrieve the report from. | Text | Required | Allowed values: |
Record | Enter the record from which you want to retrieve the report. Example: sampledomain.com | Text | Required | |
Account Switch Key | Enter the account switch key to perform this action from a different account. Example: 1-5C0YLB:1-8BYUX | Text | Optional | For more information, see Secure Internet Access Enterprise Reporting API Documentation. |
Action: List Threat Details
This action retrieves the threat details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Config ID | Enter the configuration ID. Example: 100 | Integer | Required | |
Start Time | Enter the start time (in epoch) from which you want to retrieve the details. Example: 1333631700 | Integer | Required | |
Account Switch Key | Enter the account switch key to perform this action from a different account. Example: 1-5C0YLB:1-8BYUX | Text | Optional | For more information, see Secure Internet Access Enterprise Reporting API Documentation. |
Page Number | Enter the page number. Example: 1 | Integer | Optional | |
Page Size | Enter the number of results to retrieve per page. Example: 10 | Integer | Optional | |
End Time | Enter the end time (in epoch) until which you want to retrieve the details. Example: 2443631700 | Integer | Required | |
Order By | Enter the order to sort the response. | Text | Optional | Allowed values: |
Additional Data | Enter any additional details while listing threat details. Example: 'filters': { 'action': { 'in': ['test'] }} | Key Value | Optional | |
Filters | Enter the filters to narrow down the response. Example: $JSON[{"uuid": {"in": ["173.223.98.166-104.86.111.92-1725180009-36388-10205"]}}] | Any | Optional | Allowed keys: action, asName, blockDescription, category, clientIP, clientRequestId, confidence, destinationIP, detectionType, deviceId, deviceOwnerId, devicePostureRisk, dlpDictionaryId, dlpFileHash, dlpPatternId, dohAttribution, domain, encryptedInternalClientIP, encryptedInternalClientName, encryptedMachineName, encryptedUserName, fileType, hasSinkholeCorrelation, hostname, httpRequestMethod, internalIP, isAlert, l7Protocol, list, onRamp, onRampType, policy, proxyDestinationPort, reason, severityId, sinkholeIP, site, sourcePort, sublocationId, threatId, transportType, uri |
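The following is an added example, not part of the connector or its documentation: a pre-flight check that a playbook step could run before calling List Threat Details. It rejects filter keys outside the allowed list above and emits the Filters value in the $JSON[...] form shown in the table. The function name and the millisecond heuristic are assumptions, and only the "in" operator from the page's examples is handled.

```python
import json

# Allowed filter keys for List Threat Details, copied from the Filters row above.
THREAT_FILTER_KEYS = frozenset("""
action asName blockDescription category clientIP clientRequestId confidence
destinationIP detectionType deviceId deviceOwnerId devicePostureRisk
dlpDictionaryId dlpFileHash dlpPatternId dohAttribution domain
encryptedInternalClientIP encryptedInternalClientName encryptedMachineName
encryptedUserName fileType hasSinkholeCorrelation hostname httpRequestMethod
internalIP isAlert l7Protocol list onRamp onRampType policy
proxyDestinationPort reason severityId sinkholeIP site sourcePort
sublocationId threatId transportType uri
""".split())


def build_threat_inputs(config_id, start_time, end_time, filters, page_size=10):
    """Validate List Threat Details inputs (hypothetical helper, not connector code)."""
    for name, value in (("Config ID", config_id), ("Start Time", start_time),
                        ("End Time", end_time), ("Page Size", page_size)):
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"{name} must be a non-negative integer")
    if start_time >= end_time:
        raise ValueError("Start Time must be earlier than End Time")
    # Assumed heuristic: the page's examples are epoch seconds, not milliseconds.
    if end_time > 10**11:
        raise ValueError("time values look like milliseconds, expected seconds")
    unknown = sorted(set(filters) - THREAT_FILTER_KEYS)
    if unknown:
        raise ValueError(f"filter keys not in the allowed list: {unknown}")
    clean = {}
    for key, values in filters.items():
        if isinstance(values, (str, bool, int)):
            values = [values]  # accept a single value as a one-item list
        values = [v.strip() if isinstance(v, str) else v for v in values]
        if not values or any(v == "" for v in values):
            raise ValueError(f"filter {key!r} needs at least one non-empty value")
        # Only the "in" operator appears in the page's examples.
        clean[key] = {"in": list(dict.fromkeys(values))}  # de-duplicate, keep order
    return {
        "Config ID": config_id, "Start Time": start_time, "End Time": end_time,
        "Page Size": page_size,
        "Filters": "$JSON[" + json.dumps(clean, separators=(",", ":")) + "]",
    }
```

Key matching is case-sensitive, so a mistyped key such as Domain is rejected before the request is sent rather than being passed on to the API.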
Action: Generic Action
This is a generic action used to make requests to any Secure Internet Access Enterprise Reporting endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. Example: GET | Text | Required | Allowed values: |
Endpoint | Enter the endpoint to make the request. Example: /schedules/{schedule_id} | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Additional Data | Enter any additional details to pass to the API. | Key Value | Optional | |