Akamai Security Events Data Connector (#1375)

* added Akamai Security Events Data Connector * added akamai logo * updated akamai data connector template Co-authored-by: Sergiy Prystaiko <sp@socprime.com>
2020-12-04 21:18:30 +02:00 · 2020-12-04 21:18:30 +02:00 · 33796f287c
--- a/DataConnectors/AkamaiSecurityEvents/Connector_CEF_Akamai.json
+++ b/DataConnectors/AkamaiSecurityEvents/Connector_CEF_Akamai.json
@ -0,0 +1,118 @@
+{
+    "id": "AkamaiSecurityEvents",
+    "title": "Akamai Security Events",
+    "publisher": "Akamai",
+    "descriptionMarkdown": "The Akamai Security Events data connector provides the capability to ingest [Akamai Security Events](https://www.akamai.com/us/en/products/security/) events into Azure Sentinel using syslog. Refer to [Akamai SIEM Integration documentation](https://developer.akamai.com/tools/integrations/siem) for more information.",
+    "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected. Follow the steps to use this Kusto Function alias **AkamaiSIEMEvent** in queries and workbooks. [Follow steps to get this Kusto Function>](https://aka.ms/sentinel-akamaisecurityevents-parser)  ",
+    "graphQueries": [
+        {
+            "metricName": "Total data received",
+            "legend": "AkamaiSecurityEvents",
+            "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Akamai\"\n| where DeviceProduct == \"akamai_siem\""
+        }
+    ],
+    "sampleQueries": [
+        {
+            "description" : "Top 10 Countries", 
+            "query": "AkamaiSIEMEvent\n | summarize count() by SrcGeoCountry\n | top 10 by count_"
+        }
+    ],
+    "dataTypes": [
+        {
+            "name": "CommonSecurityLog (AkamaiSecurityEvents)",
+            "lastDataReceivedQuery": "CommonSecurityLog\n | where DeviceVendor == \"Akamai\"\n | where DeviceProduct == \"akamai_siem\"\n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)"
+        }
+    ],
+    "connectivityCriterias": [
+        {
+            "type": "IsConnectedQuery",
+            "value": [
+                "CommonSecurityLog\n | where DeviceVendor == \"Akamai\"\n | where DeviceProduct == \"akamai_siem\"\n | summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)"
+            ]
+        }
+    ],
+    "availability": {
+        "status": 1
+    },
+    "permissions": {
+        "resourceProvider": [
+            {
+                "provider": "Microsoft.OperationalInsights/workspaces",
+                "permissionsDisplayText": "read and write permissions are required.",
+                "providerDisplayName": "Workspace",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                    "read": true,
+                    "write": true,
+                    "delete": true
+                }
+            },
+            {
+                "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
+                "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
+                "providerDisplayName": "Keys",
+                "scope": "Workspace",
+                "requiredPermissions": {
+                    "action": true
+                }
+            }
+        ]
+    },
+    "instructionSteps": [
+        {
+            "description":">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://aka.ms/sentinel-akamaisecurityevents-parser) to create the Kusto functions alias, **AkamaiSIEMEvent**"
+        },
+        {
+            
+            "title": "1. Linux Syslog agent configuration",
+            "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Azure Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace",
+            "innerSteps": [
+                {
+                    "title": "1.1 Select or create a Linux machine",
+                    "description": "Select or create a Linux machine that Azure Sentinel will use as the proxy between your security solution and Azure Sentinel this machine can be on your on-prem environment, Azure or other clouds."
+                },
+                {
+                    "title": "1.2 Install the CEF collector on the Linux machine",
+                    "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Azure Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.",
+                    "instructions": [
+                        {
+                            "parameters": {
+                                "fillWith": [
+                                    "WorkspaceId",
+                                    "PrimaryKey"
+                                ],
+                                "label": "Run the following command to install and apply the CEF collector:",
+                                "value": "sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}"
+                            },
+                            "type": "CopyableLabel"
+                        }
+                    ]
+                }
+            ]
+        },
+        {
+            "title": "2. Forward Common Event Format (CEF) logs to Syslog agent",
+            "description": "[Follow these steps](https://developer.akamai.com/tools/integrations/siem) to configure Akamai CEF connector to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address."
+        },
+        {
+            "title": "3. Validate connection",
+            "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine",
+            "instructions": [
+                {
+                    "parameters": {
+                        "fillWith": [
+                            "WorkspaceId"
+                        ],
+                        "label": "Run the following command to validate your connectivity:",
+                        "value": "sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py  {0}"
+                    },
+                    "type": "CopyableLabel"
+                }
+            ]
+        },
+        {
+            "title": "4. Secure your machine ",
+            "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)"
+        }
+    ]
+}
--- a/Logos/akamai.svg
+++ b/Logos/akamai.svg
@ -0,0 +1,12 @@
+<svg width="75" height="75" viewBox="0 0 75 75" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M18.4488 50.4008C12.9933 48.7102 9.02824 43.5759 9.02824 37.5C9.02824 31.3597 13.0778 26.1827 18.6162 24.5357C19.1834 24.3641 19.0365 24 18.3438 24C10.9791 24 5 30.055 5 37.5C5 44.945 10.9791 51 18.3438 51C19.0365 51 19.0783 50.5932 18.4488 50.4008Z" fill="#0099CC"/>
+<path d="M11.5668 40.6451C11.525 40.281 11.5036 39.9178 11.5036 39.5537C11.5036 33.6277 16.2041 28.8356 22.0158 28.8356C27.5124 28.8356 29.1489 31.3388 29.3591 31.1672C29.5897 30.9965 27.3654 26.0329 20.9242 26.0329C15.1125 26.0329 10.4128 30.8249 10.4128 36.751C10.4128 38.1201 10.6648 39.4257 11.1261 40.6233C11.3148 41.1372 11.6087 41.1372 11.5668 40.6451Z" fill="#0099CC"/>
+<path d="M15.9731 32.9218C18.7005 31.7025 22.1419 31.6598 25.5193 32.8791C27.7854 33.6917 29.1076 34.8475 29.2127 34.7831C29.4015 34.6977 27.8904 32.2799 25.1836 31.2312C21.9104 29.9692 18.3861 30.6329 15.8262 32.6867C15.5324 32.9218 15.6374 33.0716 15.9731 32.9218Z" fill="#0099CC"/>
+<path d="M70.0001 37.9707C70.0001 38.7407 69.3706 39.3826 68.6155 39.3826C67.8596 39.3826 67.231 38.7625 67.231 37.9707C67.231 37.2008 67.8391 36.5589 68.6155 36.5589C69.392 36.5589 70.0001 37.179 70.0001 37.9707Z" fill="#FF9933"/>
+<path d="M24.9321 45.8652L25.0995 47.7483H28.0165L27.0299 36.8159H22.6874L17.1899 47.7483H20.1693L21.0926 45.8652H24.9321ZM24.7852 43.7471H22.1202L24.4077 39.0194H24.4281L24.7852 43.7471Z" fill="#FF9933"/>
+<path d="M32.0658 42.9769H32.5066L34.5839 40.0887H37.2899L34.4156 43.7686L36.1787 47.748H33.3035L32.1495 44.6456H31.7301L31.0801 47.748H28.6252L30.8905 36.8157H33.3454L32.0658 42.9769Z" fill="#FF9933"/>
+<path d="M41.1299 47.7478H43.5847L44.5704 42.9767C45.1163 40.3455 44.1306 40.025 41.6125 40.025C39.8503 40.025 38.1505 40.0032 37.6679 42.3774H40.1228C40.2697 41.6929 40.6891 41.544 41.2982 41.544C42.3675 41.544 42.3257 41.9925 42.1788 42.6989L41.9268 43.9182H41.8226C41.738 43.0411 40.6473 43.0629 39.9545 43.0629C38.1719 43.0629 37.1221 43.6404 36.7446 45.4798C36.3466 47.4264 37.2485 47.855 38.9688 47.855C39.829 47.855 40.9829 47.6834 41.3819 46.6356H41.4656L41.1299 47.7478ZM40.4371 44.5819C41.2349 44.5819 41.7594 44.6455 41.6329 45.2874C41.4656 46.0791 41.1299 46.2289 40.1014 46.2289C39.7239 46.2289 39.032 46.2289 39.1994 45.3945C39.3464 44.6881 39.829 44.5819 40.4371 44.5819" fill="#FF9933"/>
+<path d="M48.5572 40.0888L48.3266 41.1583H48.4316C48.9142 40.2594 49.8999 40.0034 50.7396 40.0034C51.7885 40.0034 52.8374 40.1959 52.6905 41.5006H52.7956C53.1517 40.4093 54.2434 40.0034 55.1872 40.0034C56.9289 40.0034 57.6635 40.7307 57.285 42.5066L56.1943 47.748H53.7394L54.6628 43.3192C54.7883 42.5275 54.9147 41.9282 53.97 41.9282C53.0048 41.9282 52.6905 42.5701 52.5222 43.4045L51.6202 47.748H49.1653L50.1305 43.1049C50.257 42.3994 50.2988 41.9282 49.4387 41.9282C48.4316 41.9282 48.1164 42.4848 47.9277 43.4045L47.0257 47.748H44.5708L46.1655 40.0888H48.5572Z" fill="#FF9933"/>
+<path d="M61.8386 47.7478H64.2935L65.3005 42.9767C65.8463 40.3455 64.8598 40.025 62.3426 40.025C60.5795 40.025 58.8797 40.0032 58.398 42.3774H60.8529C60.9989 41.6929 61.4192 41.544 62.0274 41.544C63.0976 41.544 63.0558 41.9925 62.9089 42.6989L62.6569 43.9182H62.5518C62.4681 43.0411 61.3774 43.0629 60.6846 43.0629C58.9011 43.0629 57.8522 43.6404 57.4747 45.4798C57.0758 47.4264 57.9777 47.855 59.698 47.855C60.5591 47.855 61.713 47.6834 62.1111 46.6356H62.1956L61.8386 47.7478ZM61.1672 44.5819C61.9641 44.5819 62.4886 44.6455 62.363 45.2874C62.1956 46.0791 61.86 46.2289 60.8315 46.2289C60.454 46.2289 59.7612 46.2289 59.9295 45.3945C60.0765 44.6881 60.5591 44.5819 61.1672 44.5819" fill="#FF9933"/>
+<path d="M67.8602 47.7478H65.4053L66.9787 40.0885H69.4548L67.8602 47.7478Z" fill="#FF9933"/>
+</svg>
--- a/Parsers/Akamai/AkamaiSIEMEvent.txt
+++ b/Parsers/Akamai/AkamaiSIEMEvent.txt
@ -0,0 +1,88 @@
+// Usage Instruction : 
+// Paste below query in log analytics, click on Save button and select as Function from drop down by specifying function name and alias as AkamaiSIEMEvent.
+// Function usually takes 10-15 minutes to activate. You can then use function alias from any other queries (e.g. AkamaiSIEMEvent | take 10).
+// Reference : Using functions in Azure monitor log queries : https://docs.microsoft.com/azure/azure-monitor/log-query/functions
+CommonSecurityLog 
+| where DeviceVendor == 'Akamai'
+| where DeviceProduct == 'akamai_siem'
+| extend EventVendor = 'Akamai'
+| extend EventProduct = 'akamai_siem'
+| extend EventProductVersion = '1.0'
+| extend EventId = DeviceEventClassID
+| extend EventCategory = Activity
+| extend EventSeverity = LogSeverity
+| extend DvcAction = DeviceAction
+| extend NetworkApplicationProtocol = ApplicationProtocol
+| extend Ipv6Src = DeviceCustomIPv6Address2
+| extend RuleName = DeviceCustomString1
+| extend RuleMessages = DeviceCustomString2
+| extend RuleData = DeviceCustomString3
+| extend RuleSelectors = DeviceCustomString4
+| extend ClientReputation = DeviceCustomString5
+| extend ApiId = DeviceCustomString6
+| extend RequestId = DevicePayloadId
+| extend DstDvcHostname = DestinationHostName
+| extend DstPortNumber = DestinationPort
+| extend ConfigId = FlexString1
+| extend PolicyId = FlexString2
+| extend NetworkBytes = SentBytes
+| extend UrlOriginal = RequestURL
+| extend HttpRequestMethod = RequestMethod
+| extend SrcIpAddr = SourceIP
+| extend EventStartTime = datetime(1970-01-01) + tolong(extract(@'.*start=(.*?);', 1, AdditionalExtensions)) * 1s 
+| extend SlowPostAction = extract(@'.*AkamaiSiemSlowPostAction=(.*?);', 1, AdditionalExtensions)
+| extend SlowPostRate = extract(@'.*AkamaiSiemSlowPostRate=(.*?);', 1, AdditionalExtensions)
+| extend RuleVersions = extract(@'.*AkamaiSiemRuleVersions=,?(.*?);', 1, AdditionalExtensions)
+| extend RuleTags = extract(@'.*AkamaiSiemRuleTags=(.*?);', 1, AdditionalExtensions)
+| extend ApiKey = extract(@'.*AkamaiSiemApiKey=(.*?);', 1, AdditionalExtensions)
+| extend Tls = extract(@'.*AkamaiSiemTLSVersion=(.*?);', 1, AdditionalExtensions)
+| extend RequestHeaders = extract(@'.*AkamaiSiemRequestHeaders=;?(.*?);', 1, AdditionalExtensions)
+| extend ResponseHeaders = extract(@'.*AkamaiSiemResponseHeaders=(.*?);', 1, AdditionalExtensions)
+| extend HttpStatusCode = extract(@'.*AkamaiSiemResponseStatus=(.*?);', 1, AdditionalExtensions)
+| extend GeoContinent = extract(@'.*AkamaiSiemContinent=(.*?);', 1, AdditionalExtensions)
+| extend SrcGeoCountry = extract(@'.*AkamaiSiemCountry=(.*?);', 1, AdditionalExtensions)
+| extend SrcGeoCity = extract(@'.*AkamaiSiemCity=(.*?);', 1, AdditionalExtensions)
+| extend SrcGeoRegion = extract(@'.*AkamaiSiemRegion=(.*?);', 1, AdditionalExtensions)
+| extend GeoAsn = extract(@'.*AkamaiSiemASN=(\d+)', 1, AdditionalExtensions)
+| extend Custom = extract(@'.*AkamaiSiemCusomData=(.*?)', 1, AdditionalExtensions)
+| project TimeGenerated
+        , EventVendor
+        , EventProduct
+        , EventProductVersion
+        , EventStartTime
+        , EventId
+        , EventCategory
+        , EventSeverity
+        , DvcAction
+        , NetworkApplicationProtocol
+        , Ipv6Src
+        , RuleName
+        , RuleMessages
+        , RuleData
+        , RuleSelectors
+        , ClientReputation
+        , ApiId
+        , RequestId
+        , DstDvcHostname
+        , DstPortNumber
+        , ConfigId
+        , PolicyId
+        , NetworkBytes
+        , UrlOriginal
+        , HttpRequestMethod
+        , SrcIpAddr
+        , SlowPostAction
+        , SlowPostRate
+        , RuleVersions
+        , RuleTags
+        , ApiKey
+        , Tls
+        , RequestHeaders
+        , ResponseHeaders
+        , HttpStatusCode
+        , GeoContinent
+        , SrcGeoCountry
+        , SrcGeoCity
+        , SrcGeoRegion
+        , GeoAsn
+        , Custom
--- a/Data/CEF/AkamaiSIEM.csv
+++ b/Data/CEF/AkamaiSIEM.csv
@ -0,0 +1,30 @@
+TenantId,SourceSystem,"TimeGenerated [UTC]",ReceiptTime,DeviceVendor,DeviceProduct,DeviceEventClassID,LogSeverity,OriginalLogSeverity,DeviceAction,SimplifiedDeviceAction,Computer,CommunicationDirection,DeviceFacility,DestinationPort,DestinationIP,DeviceAddress,DeviceName,Message,Protocol,SourcePort,SourceIP,RemoteIP,RemotePort,MaliciousIP,ThreatSeverity,IndicatorThreatType,ThreatDescription,ThreatConfidence,ReportReferenceLink,MaliciousIPLongitude,MaliciousIPLatitude,MaliciousIPCountry,DeviceVersion,Activity,ApplicationProtocol,EventCount,DestinationDnsDomain,DestinationServiceName,DestinationTranslatedAddress,DestinationTranslatedPort,DeviceDnsDomain,DeviceExternalID,DeviceInboundInterface,DeviceNtDomain,DeviceOutboundInterface,DevicePayloadId,ProcessName,DeviceTranslatedAddress,DestinationHostName,DestinationMACAddress,DestinationNTDomain,DestinationProcessId,DestinationUserPrivileges,DestinationProcessName,DeviceTimeZone,DestinationUserID,DestinationUserName,DeviceMacAddress,ProcessID,ExternalID,FileCreateTime,FileHash,FileID,FileModificationTime,FilePath,FilePermission,FileType,FileName,FileSize,ReceivedBytes,OldFileCreateTime,OldFileHash,OldFileID,OldFileModificationTime,OldFileName,OldFilePath,OldFilePermission,OldFileSize,OldFileType,SentBytes,RequestURL,RequestClientApplication,RequestContext,RequestCookies,RequestMethod,SourceHostName,SourceMACAddress,SourceNTDomain,SourceDnsDomain,SourceServiceName,SourceTranslatedAddress,SourceTranslatedPort,SourceProcessId,SourceUserPrivileges,SourceProcessName,SourceUserID,SourceUserName,EventType,DeviceCustomIPv6Address1,DeviceCustomIPv6Address1Label,DeviceCustomIPv6Address2,DeviceCustomIPv6Address2Label,DeviceCustomIPv6Address3,DeviceCustomIPv6Address3Label,DeviceCustomIPv6Address4,DeviceCustomIPv6Address4Label,DeviceCustomFloatingPoint1,DeviceCustomFloatingPoint1Label,DeviceCustomFloatingPoint2,DeviceCustomFloatingPoint2Label,DeviceCustomFloatingPoint3,DeviceCustomFloatingPoint3Label,DeviceCustomFloatingPoint4,DeviceCustomFloatingPoint4Label,DeviceCustomNumber1,DeviceCustomNumber1Label,DeviceCustomNumber2,DeviceCustomNumber2Label,DeviceCustomNumber3,DeviceCustomNumber3Label,DeviceCustomString1,DeviceCustomString1Label,DeviceCustomString2,DeviceCustomString2Label,DeviceCustomString3,DeviceCustomString3Label,DeviceCustomString4,DeviceCustomString4Label,DeviceCustomString5,DeviceCustomString5Label,DeviceCustomString6,DeviceCustomString6Label,DeviceCustomDate1,DeviceCustomDate1Label,DeviceCustomDate2,DeviceCustomDate2Label,FlexDate1,FlexDate1Label,FlexNumber1,FlexNumber1Label,FlexNumber2,FlexNumber2Label,FlexString1,FlexString1Label,FlexString2,FlexString2Label,AdditionalExtensions,"StartTime [UTC]","EndTime [UTC]",Type,"_ResourceId"
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:16.933 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:17.766 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:18.796 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:19.820 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:20.852 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:21.879 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:22.900 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,,,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,182,,,,,,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id",,,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:22.901 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:23.921 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:24.941 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:25.953 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:26.974 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:27.992 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:29.003 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",""path"":""/etc/logstash/testlogs/akamai_event_raw_1.log"",""@t",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:29.004 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:30.020 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:31.031 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:32.045 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:33.061 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:34.078 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:35.096 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:36.111 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:36.111 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,,,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,"16533 flexS",,,,,,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:37.126 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:38.136 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:39.150 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:40.165 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:41.181 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCache-Control:+no-cache\\nHost:+api.sample-group.com\\nUser-Agent:+Moz"",",,,CommonSecurityLog,
+"9143fd29-fe92-43be-93e9-3f0a4bcaeef4",OpsManager,"11/13/2020, 4:27:42.189 PM",,Akamai,"akamai_siem",detect,5,,alert,alert,,,,443,,,,,,,"1.2.3.4",,,,,,,,,,,,"1.0","Activity detected","HTTP/1.1",,,,,,,,,,,1e5fb4a0,,,"api.sample-group.com",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1823,,,,,GET,,,,,,,,,,,,,,,,,"Source IPv6 Address",,,,,,,,,,,,,,,,,,,"655968,BOT-60124526",Rules,"Monitor query parameters with %,CMSAPI UserAgent whitelisting","Rule Messages",",CMS useragent whitelisting","Rule Data",,"Rule Selectors",,"Client Reputation",,"API ID",,,,,,,,,,,16533,"Security Config Id","APBR_31757","Firewall Policy Id","https://api.sample-group.com/page/?publication_path\\=;/enUS&url\\=;/dot-com/primeblue-medium-duramo-duramo_sl/index.html&filters\\=(sustainability:primeblue%7Cwidth:medium%7Csportsub_en_us:duramo%7Cproductlinestyle_en_us:duramo_sl);start=1603112699;AkamaiSiemRuleTags=invalid_queryparam,AKAMAI/BOT/CUST_DEFINED_BOTS;AkamaiSiemTLSVersion=tls1.2;AkamaiSiemRequestHeaders=Accept-Encoding:+gzip,compress,br\\nAccept-Language:+en-US,en\\nCac",,,CommonSecurityLog,