An Introduction to SIEM Event Delivery

The world is a busy place, and the Akamai Identity Cloud is no exception. New users come to your website and create accounts. Existing users come back to your website and log on. Users change their addresses and forget their passwords; support personnel create new entity type schemas and modify existing entity type schemas. As an Identity Cloud administrator, the list of event types that might be of interest to you goes on and on.

And on.

Anytime one of these events occurs, the Akamai Identity Cloud tracks what happened, and when (and where and …). In turn, this information is stored in an events database, a tool that Akamai uses to do such things as help monitor performance and trends, help spot potential security issues, and help plan for future improvements to the product.

That’s great for Akamai, but what about Akamai customers? Well, the good news is that a subset of these events has always been made available to Identity Cloud subscribers. The not-so-good news? As a general rule, accessing these events hasn’t always been easy (especially if you were interested in getting a copy of the raw data). Likewise, describing the events made available to customers as a “subset of events” has been very apt: organizations have only been given access to a handful of events, most of which involved user logins and registrations. There’s nothing wrong with that: user logins and registrations are events organizations need to know about. At the same time, however, administrators are interested in more than just user logins and registrations. For better or worse, getting a handle on everything that takes place in the Identity Cloud – all the API clients that were created or deleted, all the entity types that were purged, all the access tokens that were granted – hasn’t always been easy.

To say the least.

Fortunately, and thanks to the new General Event Delivery service, those two problems – a lack of event types and difficulty accessing those events – are largely a thing of the past. For one thing, the General Event Delivery service will soon triple the number of events available to organizations, with even more event types on the way (although, in all fairness, there are only a dozen or so events available at the moment). On top of that, there are several different ways to access this event information, starting with the subject of this documentation: SIEM Event Delivery. To help introduce you to this new service, the documentation covers such things as:

We’ll start by talking about the event delivery service whitelist, a feature that helps illustrate the scalability and flexibility built into the SIEM event service. We’ll also take a brief detour to try to put SIEM Event Delivery into context with other Identity Cloud eventing and analytic tools. And, from there, we’ll launch into the nuts and bolts of configuring and using the Identity Cloud SIEM Event Delivery service.

Note. Before you ask, SIEM (pronounced “sim”) is short for Security Information and Event Management, and is a recognized standard for aggregating, and analyzing, events within an IT organization. For more information, see the article Identity Cloud SIEM Events.