Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.rad.security/llms.txt

Use this file to discover all available pages before exploring further.

Akamai WAF Integration Setup

This guide walks you through provisioning EdgeGrid API credentials, identifying the Akamai security configuration IDs to monitor, and configuring the integration in RAD Security so that Akamai Web Application Firewall (WAF) events flow into your workspace as security findings. Akamai’s SIEM Integration API exposes the security events generated by App & API Protector (Kona Site Defender / Web Application Protector) policies. Once configured, RAD Security polls Akamai on a schedule and ingests the events so you can correlate WAF detections with the rest of your runtime and cloud security data.

Prerequisites

Before you begin, ensure you have:
  • Access to Akamai Control Center with permission to create API clients (Identity & Access role: API client manager or equivalent)
  • One or more Akamai security configurations with WAF / App & API Protector policies that produce SIEM events
  • Access to a RAD Security workspace with integration permissions
This integration is read-only. RAD Security calls the SIEM Integration API to fetch events; it does not modify Akamai security configurations or policies.

Step 1: Create an EdgeGrid API Client

1

Open Identity & Access

Sign in to Akamai Control Center and navigate to Identity & Access Management → API users (API clients for me).
2

Create a New API Client

  1. Click Create API client
  2. Choose Quick (single user) or Advanced (service account) depending on your policy
  3. Enter a name (e.g. RAD Security - SIEM Integration) and description
  4. Select the group / contract that owns the security configurations you want to monitor
3

Grant the SIEM Integration API

On the API services screen:
  1. Search for SIEM
  2. Select SIEM Integration and grant READ access
  3. Save the API client configuration
Without the SIEM Integration API the credentials will fail verification with a 403 Forbidden error.
4

Download the Credentials

Akamai displays the credentials only once when the client is created. Copy or download all four values:
  • Host (e.g. akab-xxxxxxxxxxxxxxxx.luna.akamaiapis.net)
  • Client Token
  • Client Secret
  • Access Token
Store the credentials securely. If you navigate away you will need to rotate the API client to retrieve new values.

Step 2: Identify Security Configuration IDs

The SIEM Integration API requires one or more security configuration IDs (sometimes called configIds) — these scope which WAF events are returned.
1

Open Application Security

In Akamai Control Center, navigate to Security → Application Security → Configurations.
2

Note the Config IDs

For each configuration you want RAD Security to ingest, copy its numeric Config ID from the list.
You can also retrieve the IDs programmatically via the Application Security API: GET /appsec/v1/configs

Step 3: Configure in RAD Security

In your RAD Security workspace, add a new Akamai WAF integration with the values gathered above:
ParameterDescriptionExample
HostEdgeGrid API host from the API client credentialsakab-xxxxxxxxxxxxxxxx.luna.akamaiapis.net
Client TokenEdgeGrid client_tokenakab-...
Client SecretEdgeGrid client_secretxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
Access TokenEdgeGrid access_tokenakab-...
Security Config IDsComma-separated list of security configuration IDs to poll12345,67890
The Host value is just the hostname — do not include https:// or a trailing slash. RAD Security signs each request using the EdgeGrid authentication scheme.
When you save the integration, RAD Security verifies the credentials against the SIEM Integration API and immediately schedules recurring polls.

Verify Integration

  1. Navigate to Data Sources → Integrations in RAD Security
  2. Locate your Akamai WAF integration
  3. Confirm the connection status shows as Connected
  4. After the first poll, open Security Findings and filter for the Akamai WAF source
Your Akamai WAF integration is now active. RAD Security will continue to pull new WAF events on its schedule.

What Data is Synced

  • Triggered rules and rule actions (alert, deny, monitor)
  • Attack categories (SQLi, XSS, RFI, etc.)
  • Client IP, geolocation, and user agent
  • Request method, URI, and host
  • Risk score and severity
  • Security configuration and policy IDs
  • Akamai edge server and region
  • Event timestamp and unique event ID
  • HTTP status returned to the client

Use Cases

Cross-Layer Correlation

Correlate WAF detections at the edge with the runtime behavior of the backend services they protect.

Attacker Tracking

Pivot from a denied WAF event to the workloads, identities, or cloud assets the same attacker may be probing.

Policy Tuning

Use ingested events to identify noisy rules or repeat offenders and inform Akamai policy tuning.

Compliance Evidence

Retain WAF events alongside other security telemetry in RAD Security for audit and reporting.

Troubleshooting

Possible causes:
  • One or more EdgeGrid credentials are incorrect
  • The Host value includes https:// or a trailing slash
  • The API client was deleted or its credentials rotated
Solution:
  • Re-check that Host, Client Token, Client Secret, and Access Token match the values from Akamai
  • Strip protocol and path: the host must be just akab-xxxxxxxx.luna.akamaiapis.net
  • Rotate the API client and update the integration with the new credentials
Possible causes:
  • The API client does not have access to the SIEM Integration API
  • The API client lacks access to the contract / group that owns the security configurations
  • The supplied Config IDs are not visible to this API client
Solution:
  • Edit the API client in Akamai and confirm SIEM Integration is granted READ
  • Confirm the client is scoped to the correct contract and group
  • Verify the Config IDs exist and belong to the same contract / group
Possible causes:
  • The configured policies are not generating WAF events
  • The Config IDs are wrong or refer to inactive configurations
  • The initial poll window has not yet completed
Solution:
  • Confirm Akamai’s Security → Events view shows recent events for the configured policies
  • Verify each Config ID matches an active security configuration
  • Allow at least one full poll interval and re-check the integration’s Last sync timestamp
  1. In Akamai Control Center, rotate the API client to generate new credentials
  2. Update Client Token, Client Secret, and Access Token on the RAD Security integration
  3. Save — RAD Security re-verifies the credentials
  4. Revoke the old credentials in Akamai

Security Best Practices

Dedicated API Client

Create a service-account-style API client used only by RAD Security so its scope and audit history are isolated.

Least Privilege

Grant only READ on SIEM Integration. Do not add unrelated Akamai APIs to the same client.

Scope to Required Groups

Limit the client to the specific group / contract that owns the security configurations you intend to monitor.

Rotate Credentials

Rotate the EdgeGrid credentials on a schedule that matches your security policy.

Additional Resources

SIEM Integration API

Official Akamai reference for the SIEM Integration API

EdgeGrid Authentication

Background on the EdgeGrid request-signing scheme

Next Steps

SIEM Integrations

Forward correlated events from RAD Security to your SIEM

Data Sources

Explore all available data sources

Workspace

Triage WAF events alongside runtime and cloud findings

Runtime Security

Layer WAF data with RAD’s container runtime security signal