Harvesting Reverse Intelligence From Akamai API Security

Category: Cyware Product

Cyware Products Used:

  • Intel Exchange 

Third-party Integrations Used:

  • Akamai API Security: API Security gives you full visibility into your entire API estate through continuous discovery and real-time analysis.

Problem Statement

Organizations must continuously monitor and respond to threats surfaced by the many security platforms they operate. Extracting relevant Indicators of Compromise (IOCs) from systems such as Akamai API Security and feeding them into centralized platforms, such as a SIEM or a Threat Intelligence Platform (TIP), is essential for maintaining security awareness and responding to threats in time.

Solution

The solution automates the extraction and management of IOCs from Akamai API Security events, checks them against the TIP, and ensures they are integrated into SIEM watchlists for continuous monitoring and proactive defence.

[Figure: Usecase_2.png]
How do we solve this problem?
  1. Get Latest Security Events: The playbook starts by connecting to the Akamai API Security platform and pulling the latest security events.

  2. Filter Relevant Security Events: Filter the events by severity and other comparison criteria so that low-value events and likely false positives are discarded before any indicator is extracted.

  3. Extract IOCs: Parse the remaining events and extract every Indicator of Compromise (IOC) they contain, such as suspicious IP addresses, URLs, and file hashes.

  4. Enrich IOCs with the TIP: Look each indicator up in Cyware Intel Exchange to find out whether it has been seen before and what is already known about it.

  5. Reverse-add IOCs to the TIP: Any indicator that is not yet present in the TIP can be added to Cyware Intel Exchange tagged as internal intelligence, so that it is available to later lookups and other playbooks.
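The five steps above, run end to end as an added example; this is not Cyware or Akamai code and nothing in it is the real integration. Everything specific is an assumption: the events are constructed and shaped like a generic alert rather than Akamai's actual event format, `InMemoryTip` is a dictionary standing in for Intel Exchange, `OWN_DOMAINS` is a hypothetical allowlist of the organisation's own API hosts, and the severity scale is assumed. It also includes two checks a practitioner would want that the steps do not spell out: private and otherwise non-routable addresses are never harvested as indicators, and a URL that points at the organisation's own API host is treated as the attack target rather than as an IOC.

```python
# Added example modelling the playbook above. Not Cyware or Akamai code; the
# event shape, severity scale, own-domain allowlist and in-memory TIP are all
# assumptions made for illustration.
import ipaddress
import re
from urllib.parse import urlsplit

# Step 1 stand-in: constructed events, not Akamai's real event format.
SAMPLE_EVENTS = [
    {"id": "evt-1", "severity": "high",
     "detail": "Credential stuffing against https://api.example.com/v1/login from 203.0.113.7"},
    {"id": "evt-2", "severity": "low",
     "detail": "Schema validation failure from 10.0.0.5"},
    {"id": "evt-3", "severity": "critical",
     "detail": "Upload blocked, sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 "
               "from 198.51.100.23"},
    {"id": "evt-4", "severity": "medium",
     "detail": "SSRF probe with target http://203.0.113.77:8080/admin from 203.0.113.7"},
]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}  # assumed scale
OWN_DOMAINS = {"api.example.com"}  # assumed allowlist of the organisation's own API hosts

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Addresses that cannot be an external attacker: RFC 1918, loopback, link-local,
# unspecified, multicast. Listed explicitly instead of using is_global, which
# would also reject the RFC 5737 documentation ranges used in the sample.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]


def filter_events(events, min_severity="medium"):
    """Step 2: keep only events at or above the severity floor."""
    floor = SEVERITY_RANK[min_severity]
    return [e for e in events if SEVERITY_RANK.get(e.get("severity"), 0) >= floor]


def extract_iocs(events):
    """Step 3: map each (type, value) indicator to the set of event ids it came from."""
    found = {}
    for e in events:
        text = e["detail"]
        for raw in IPV4_RE.findall(text):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # e.g. 999.1.1.1 matches the regex but is not an address
            if any(ip in net for net in NON_ROUTABLE):
                continue
            found.setdefault(("ipv4", str(ip)), set()).add(e["id"])
        for url in URL_RE.findall(text):
            if (urlsplit(url).hostname or "") in OWN_DOMAINS:
                continue  # our own endpoint is the target of the attack, not an indicator
            found.setdefault(("url", url.rstrip(".,)")), set()).add(e["id"])
        for h in HASH_RE.findall(text):
            found.setdefault((HASH_TYPES[len(h)], h.lower()), set()).add(e["id"])
    return found


class InMemoryTip:
    """Dictionary standing in for Intel Exchange, keyed by (type, value)."""

    def __init__(self, seed=None):
        self.records = dict(seed or {})

    def lookup(self, key):
        """Step 4: return what the TIP already holds for this indicator, or None."""
        return self.records.get(key)

    def add(self, key, sightings, tags):
        """Step 5: store a new indicator with its sightings and tags."""
        self.records[key] = {"sightings": sorted(sightings), "tags": list(tags)}
        return self.records[key]


def run_playbook(events, tip, min_severity="medium"):
    """Steps 1 to 5 end to end; the summary is what a SIEM watchlist step would consume."""
    relevant = filter_events(events, min_severity)
    iocs = extract_iocs(relevant)
    known, added = [], []
    for key, sightings in iocs.items():
        if tip.lookup(key) is not None:
            known.append(key)
        else:
            tip.add(key, sightings, ["internal intelligence", "source:akamai-api-security"])
            added.append(key)
    return {"events_kept": len(relevant), "iocs": sorted(iocs),
            "known": sorted(known), "added": sorted(added)}


# Constructed seed: an attacker IP the TIP already knows from an external feed.
SEED = {("ipv4", "203.0.113.7"): {"sightings": ["feed-2024-01"], "tags": ["external feed"]}}

if __name__ == "__main__":
    for k, v in run_playbook(SAMPLE_EVENTS, InMemoryTip(SEED)).items():
        print(k, v)
```

Run as a script, the block keeps three of the four sample events, extracts five indicators (three IPv4 addresses, one URL, one SHA-256), reports 203.0.113.7 as already known to the seeded TIP, and adds the other four with the internal intelligence tag; the low-severity event and the private address 10.0.0.5 never reach the TIP. To attach it to real systems, replace `SAMPLE_EVENTS` with the Akamai API Security event query and `InMemoryTip` with Intel Exchange lookups and creates; the filtering and extraction logic is independent of either product.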

Optional Configuration

Expand the playbook to incorporate additional data sources from other security tools, or automate correlation with existing internal threat intelligence to give richer context around newly discovered IOCs. The same playbook can also be extended to run threat hunts on the discovered indicators.

Benefits

Enhanced Threat Visibility

Improved situational awareness, since IOCs observed by Akamai API Security are integrated into a centralized monitoring platform.

Proactive Threat Management

Makes it easier to identify and address potential threats before they grow into significant security incidents.

Streamlined Integration

Automates the import and management of threat data, reducing manual overhead and improving the efficiency of threat response.