Fortinet black logo

Akamai Prolexic

Akamai Prolexic v1.0.0

1.0.0
Copy Link
Copy Doc ID edd35952-7162-11ed-8e6d-fa163e15d75b:454

About the connector

Akamai is an American content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security services.

This document provides information about the Akamai Prolexic Connector, which facilitates automated interactions, with an Akamai Prolexic server using FortiSOAR™ playbooks. Add the Akamai Prolexic Connector as a step in FortiSOAR™ playbooks and perform automated operations with Akamai Prolexic.

Version information

Connector Version: 1.0.0

Authored By: Community

Certified: No

Accessing the Akamai Prolexic API

Follow these steps to create an authentication credential that contains the client token and client secret required to authenticate Akamai API.

  1. Launch Identity and Access Management.
  2. In Control Center, select ? > ACCOUNT ADMIN > Identity & access.
  3. Under Users and API Clients, click Create API client.
  4. Click Quick to create an API client with access levels, group roles, and permissions identical to your current login.
  5. Click Show additional details to verify the APIs you can access.
  6. Enter the API service's name in the Filter field to verify that it's included and that you have the proper level of access.
  7. Click Hide additional details to return to the Details and Credentials information.
  8. Keep the API client for you page open.
  9. Click Download in the Credentials section.
  10. Open the downloaded file with a text editor.
  11. Copy the following information from the downloaded file:
    • client_secret
    • host
    • access_token
    • Client_token

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-akamai

Prerequisites to configuring the connector

  • You must have the URL of the Akamai Prolexic server to which you connect and perform automated operations, and credentials to access that server.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Akamai Prolexic server.

Minimum Permissions Required

  • Not Applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Content Hub page, click the Manage tab, and then click the Akamai Prolexic connector card. On the connector popup, click the Configurations tab to enter the required configuration details:

Parameter Description
Server URL URL or host of the Akamai server to which you connect and perform the automated operations. This information is contained in the host field when Accessing the Akamai API.
Client Token Client token used to access the Akamai server. This information is contained in the Client_token field when Accessing the Akamai API.
Access Token Access token used to access the Akamai serverThis information is contained in the access_token field when Accessing the Akamai API.
Client Secret Client secret of the Akamai server. This information is contained in the client_secret field when Accessing the Akamai API.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function Description Annotation and Category
List Critical Events Retrieves a list of critical events for a customer from Akamai based on the contract name you have specified. list_critical_events
Investigation
List Events Retrieves a list of all events for a customer from Akamai based on the contract name you have specified. list_events
Investigation
List Attack Reports Retrieves a list of attack reports for a customer from Akamai based on the contract name and the time range you have specified.. list_attack_reports
Investigation
Get An Attack Report Retrieves an attack report for a customer based on the contract name and Attack ID you have specified. get_an_attack_report
Investigation

operation: List Critical Events

Input parameters

Parameter Description
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"siteType": "",
"source": "",
"location": "",
"ip": "",
"summary": "",
"instance": "",
"interfaceName": "",
"count": "",
"siteCustomerName": "",
"eventId": "",
"siteName": "",
"acknowledged": "",
"state": "",
"recentOccur": "",
"expires": "",
"node": "",
"importance": "",
"notes": "",
"firstOccur": "",
"description": ""
}
]
}

operation: List Events

Input parameters

Parameter Description
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"service": "",
"eventType": "",
"isOngoing": "",
"eventStartTime": "",
"eventTitle": "",
"severity": "",
"eventEndTime": "",
"eventInfo": {
"location": "",
"lastOccurred": "",
"attackId": ""
}
},
{
"service": "",
"eventType": "",
"isOngoing": "",
"eventStartTime": "",
"eventTitle": "",
"severity": "",
"eventEndTime": "",
"eventInfo": {
"eventTicketId": "",
"attackType": "",
"endTime": "",
"attackEventId": "",
"destinationIPs": "",
"startTime": ""
}
}
]
}

operation: List Attack Reports

Input parameters

Parameter Description
Start Time Specify the start date-time of the range from when you want to retrieve the attack report.
End Time Specify the end date-time of the range till when you want to retrieve the attack report.
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"attackId": "",
"destinationPort": "",
"eventStartTime": "",
"ticketId": "",
"eventEndTime": "",
"eventStartTimeAsString": "",
"endTime": "",
"eventId": "",
"eventEndTimeAsString": "",
"startTime": "",
"eventTypes": [],
"peaks": [
{
"location": "",
"peakId": "",
"bandwidth": "",
"pps": ""
}
],
"destinations": [
{
"netmask": "",
"ip": ""
}
]
}
]
}

operation: Get An Attack Report

Input parameters

Parameter Description
Attack ID Specify the unique ID of each attack that you want to retrieve from Akamai. This ID is returned in the output when listing attack reports.
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"attackId": "",
"destinationPort": "",
"eventStartTime": "",
"eventPeakId": "",
"attackTypeName": "",
"netmask": "",
"eventEndTime": "",
"location": "",
"endTime": "",
"eventBw": "",
"ticketId": "",
"eventId": "",
"eventPps": "",
"ip": "",
"startTime": ""
}
]
}

Included playbooks

The Sample - Akamai Prolexic - 1.0.0 playbook collection comes bundled with the Akamai Prolexic connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Akamai Prolexic connector.

  • Get An Attack Report
  • List Attack Reports
  • List Critical Events
  • List Events

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

Akamai is an American content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security services.

This document provides information about the Akamai Prolexic Connector, which facilitates automated interactions, with an Akamai Prolexic server using FortiSOAR™ playbooks. Add the Akamai Prolexic Connector as a step in FortiSOAR™ playbooks and perform automated operations with Akamai Prolexic.

Version information

Connector Version: 1.0.0

Authored By: Community

Certified: No

Accessing the Akamai Prolexic API

Follow these steps to create an authentication credential that contains the client token and client secret required to authenticate Akamai API.

  1. Launch Identity and Access Management.
  2. In Control Center, select ? > ACCOUNT ADMIN > Identity & access.
  3. Under Users and API Clients, click Create API client.
  4. Click Quick to create an API client with access levels, group roles, and permissions identical to your current login.
  5. Click Show additional details to verify the APIs you can access.
  6. Enter the API service's name in the Filter field to verify that it's included and that you have the proper level of access.
  7. Click Hide additional details to return to the Details and Credentials information.
  8. Keep the API client for you page open.
  9. Click Download in the Credentials section.
  10. Open the downloaded file with a text editor.
  11. Copy the following information from the downloaded file:
    • client_secret
    • host
    • access_token
    • Client_token

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-akamai

Prerequisites to configuring the connector

Minimum Permissions Required

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Content Hub page, click the Manage tab, and then click the Akamai Prolexic connector card. On the connector popup, click the Configurations tab to enter the required configuration details:

Parameter Description
Server URL URL or host of the Akamai server to which you connect and perform the automated operations. This information is contained in the host field when Accessing the Akamai API.
Client Token Client token used to access the Akamai server. This information is contained in the Client_token field when Accessing the Akamai API.
Access Token Access token used to access the Akamai serverThis information is contained in the access_token field when Accessing the Akamai API.
Client Secret Client secret of the Akamai server. This information is contained in the client_secret field when Accessing the Akamai API.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function Description Annotation and Category
List Critical Events Retrieves a list of critical events for a customer from Akamai based on the contract name you have specified. list_critical_events
Investigation
List Events Retrieves a list of all events for a customer from Akamai based on the contract name you have specified. list_events
Investigation
List Attack Reports Retrieves a list of attack reports for a customer from Akamai based on the contract name and the time range you have specified.. list_attack_reports
Investigation
Get An Attack Report Retrieves an attack report for a customer based on the contract name and Attack ID you have specified. get_an_attack_report
Investigation

operation: List Critical Events

Input parameters

Parameter Description
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"siteType": "",
"source": "",
"location": "",
"ip": "",
"summary": "",
"instance": "",
"interfaceName": "",
"count": "",
"siteCustomerName": "",
"eventId": "",
"siteName": "",
"acknowledged": "",
"state": "",
"recentOccur": "",
"expires": "",
"node": "",
"importance": "",
"notes": "",
"firstOccur": "",
"description": ""
}
]
}

operation: List Events

Input parameters

Parameter Description
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"service": "",
"eventType": "",
"isOngoing": "",
"eventStartTime": "",
"eventTitle": "",
"severity": "",
"eventEndTime": "",
"eventInfo": {
"location": "",
"lastOccurred": "",
"attackId": ""
}
},
{
"service": "",
"eventType": "",
"isOngoing": "",
"eventStartTime": "",
"eventTitle": "",
"severity": "",
"eventEndTime": "",
"eventInfo": {
"eventTicketId": "",
"attackType": "",
"endTime": "",
"attackEventId": "",
"destinationIPs": "",
"startTime": ""
}
}
]
}

operation: List Attack Reports

Input parameters

Parameter Description
Start Time Specify the start date-time of the range from when you want to retrieve the attack report.
End Time Specify the end date-time of the range till when you want to retrieve the attack report.
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"attackId": "",
"destinationPort": "",
"eventStartTime": "",
"ticketId": "",
"eventEndTime": "",
"eventStartTimeAsString": "",
"endTime": "",
"eventId": "",
"eventEndTimeAsString": "",
"startTime": "",
"eventTypes": [],
"peaks": [
{
"location": "",
"peakId": "",
"bandwidth": "",
"pps": ""
}
],
"destinations": [
{
"netmask": "",
"ip": ""
}
]
}
]
}

operation: Get An Attack Report

Input parameters

Parameter Description
Attack ID Specify the unique ID of each attack that you want to retrieve from Akamai. This ID is returned in the output when listing attack reports.
Contract Name Specify the policy domain name of the data center or proxy to which events belong. This is also known as Contract in Akamai

Output

The output contains the following populated JSON schema:
{
"status": "",
"currentContract": "",
"statusMsg": "",
"data": [
{
"attackId": "",
"destinationPort": "",
"eventStartTime": "",
"eventPeakId": "",
"attackTypeName": "",
"netmask": "",
"eventEndTime": "",
"location": "",
"endTime": "",
"eventBw": "",
"ticketId": "",
"eventId": "",
"eventPps": "",
"ip": "",
"startTime": ""
}
]
}

Included playbooks

The Sample - Akamai Prolexic - 1.0.0 playbook collection comes bundled with the Akamai Prolexic connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Akamai Prolexic connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next