|
| 1 | +--- |
| 2 | +id: akamai-cpc |
| 3 | +title: Akamai CPC |
| 4 | +sidebar_label: Akamai CPC |
| 5 | +description: Detect and respond to threats in real time to ensure compliance and secure your client-side web applications. |
| 6 | +--- |
| 7 | + |
| 8 | +import useBaseUrl from '@docusaurus/useBaseUrl'; |
| 9 | + |
| 10 | +<img src={useBaseUrl('img/integrations/saas-cloud/akamai.svg')} alt="Thumbnail icon" width="100"/> |
| 11 | + |
| 12 | +The Sumo Logic app for Akamai Client-Side Protection (CPC) helps organizations monitor and secure their client-side web applications. It provides real-time visibility into alerts, threat indicators, and data exposure risks from client-side scripts, enabling fast and accurate threat detection. Using Akamai’s data, the app identifies threats like data exfiltration, script-based attacks, policy violations, and insecure handling of sensitive data. Pre-configured dashboards show alert trends, risk levels, and anomalies, helping analysts investigate incidents and respond efficiently. With clear visualizations and detailed event insights, the app supports compliance (e.g., PCI) and strengthens the security of client-facing digital assets. |
| 13 | + |
| 14 | +:::info |
| 15 | +This app includes [built-in monitors](#akamai-cpc-monitors). For details on creating custom monitors, refer to the [Create monitors for Akamai CPC app](#create-monitors-for-akamai-cpc-app). |
| 16 | +::: |
| 17 | + |
| 18 | +## Log types |
| 19 | + |
| 20 | +This app uses Sumo Logic’s [Akamai CPC Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source/) to collect the alerts and their details from the Akamai CPC platform. |
| 21 | + |
| 22 | +### Sample log messages |
| 23 | + |
| 24 | +<details> |
| 25 | +<summary>Alerts</summary> |
| 26 | + |
| 27 | +```json |
| 28 | +{ |
| 29 | + "cpcConfigId": 10286, |
| 30 | + "cpcAlertId": "e1-b10064e2", |
| 31 | + "cpcAlertLink": "/client-side-protection-and-compliance/v2/cpc-configs/10286/cpc-alerts/e1-b10064e2", |
| 32 | + "cpcAlertType": "SENSITIVE_DATA_EXFILTRATION_E1_CPC_ALERT", |
| 33 | + "severityLevel": "INFO", |
| 34 | + "cpcAlertStatus": "OPEN", |
| 35 | + "cpcAlertFlags": [], |
| 36 | + "alertTime": "2025-06-09T13:49:16.071+0000", |
| 37 | + "firstSeenTime": "2025-06-05T18:41:03.603+0000", |
| 38 | + "lastSeenTime": "2025-06-09T13:48:42.792+0000" |
| 39 | +} |
| 40 | +``` |
| 41 | +</details> |
| 42 | + |
| 43 | +<details> |
| 44 | +<summary>Alert Details</summary> |
| 45 | + |
| 46 | +```json |
| 47 | +{ |
| 48 | + "cpcConfigId": 10286, |
| 49 | + "cpcAlertId": "e1-b10064e2", |
| 50 | + "cpcAlertLink": "/client-side-protection-and-compliance/v2/cpc-configs/10286/cpc-alerts/e1-b10064e2", |
| 51 | + "cpcAlertType": "SENSITIVE_DATA_EXFILTRATION_E1_CPC_ALERT", |
| 52 | + "severityLevel": "INFO", |
| 53 | + "cpcAlertStatus": "OPEN", |
| 54 | + "cpcAlertFlags": [], |
| 55 | + "alertTime": "2025-06-09T13:49:16.071+0000", |
| 56 | + "firstSeenTime": "2025-06-05T18:41:03.603+0000", |
| 57 | + "lastSeenTime": "2025-06-09T13:48:42.792+0000", |
| 58 | + "links": [ |
| 59 | + { |
| 60 | + "rel": "self", |
| 61 | + "href": "/client-side-protection-and-compliance/v2/cpc-configs/10286/cpc-alerts/e1-b10064e2" |
| 62 | + }, |
| 63 | + { |
| 64 | + "rel": "control-center", |
| 65 | + "href": "https://control.akamai.com/apps/securitycenter/#/page-integrity-console?view=incident-details&incidentId=b10064e2&configId=10286&scConfigId=10286" |
| 66 | + }, |
| 67 | + { |
| 68 | + "rel": "cpc-alerts", |
| 69 | + "href": "/client-side-protection-and-compliance/v2/cpc-configs/10286/cpc-alerts" |
| 70 | + }, |
| 71 | + { |
| 72 | + "rel": "cpc-config", |
| 73 | + "href": "/client-side-protection-and-compliance/v2/cpc-configs/10286" |
| 74 | + } |
| 75 | + ], |
| 76 | + "details": { |
| 77 | + "affectedSessionCount": 4288, |
| 78 | + "scriptSource": { |
| 79 | + "scriptHostname": "www.ihg.com", |
| 80 | + "scriptUrls": [ |
| 81 | + "https://www.ihg.com/resources/gb/en/customer-care/forms/v14.118.0/chunk-L6HJ7Y67.js" |
| 82 | + ], |
| 83 | + "scriptOrigin": "FIRST_PARTY", |
| 84 | + "hostnameRiskScore": "LOW_RISK", |
| 85 | + "vendor": null |
| 86 | + }, |
| 87 | + "destination": { |
| 88 | + "destinationHostname": "apis.ihg.com", |
| 89 | + "destinationUrls": [ |
| 90 | + "https://apis.ihg.com/members/v3/resetPassword" |
| 91 | + ], |
| 92 | + "hostnameRiskScore": "LOW_RISK", |
| 93 | + "vendor": null |
| 94 | + }, |
| 95 | + "pages": null, |
| 96 | + "dataType": null, |
| 97 | + "dataSubtypes": [ |
| 98 | + { |
| 99 | + "dataSubtype": "EMAIL", |
| 100 | + "dataOperations": [ |
| 101 | + "VALUES_READ", |
| 102 | + "VALUES_SENT_OVER_NETWORK" |
| 103 | + ], |
| 104 | + "selectors": [ |
| 105 | + "#gigya-loginID-62290586448469890, :nth-child(2) > :nth-child(1) > :nth-child(1) > :nth-child(2) > :nth-child(1) > :nth-child(2)" |
| 106 | + ] |
| 107 | + }, |
| 108 | + { |
| 109 | + "dataSubtype": "CREDENTIALS_PASSWORD", |
| 110 | + "dataOperations": [ |
| 111 | + "VALUES_READ", |
| 112 | + "VALUES_SENT_OVER_NETWORK" |
| 113 | + ], |
| 114 | + "selectors": [ |
| 115 | + "" |
| 116 | + ] |
| 117 | + }, |
| 118 | + { |
| 119 | + "dataSubtype": "CREDIT_CARD_NUMBER", |
| 120 | + "dataOperations": [ |
| 121 | + "VALUES_READ" |
| 122 | + ], |
| 123 | + "selectors": [ |
| 124 | + ":nth-child(2) > :nth-child(1) > :nth-child(1) > :nth-child(3) > :nth-child(1) > :nth-child(2) > :nth-child(1)" |
| 125 | + ] |
| 126 | + }, |
| 127 | + { |
| 128 | + "dataSubtype": "EMAIL", |
| 129 | + "dataOperations": [ |
| 130 | + "VALUES_READ" |
| 131 | + ], |
| 132 | + "selectors": [ |
| 133 | + "#email" |
| 134 | + ] |
| 135 | + }, |
| 136 | + { |
| 137 | + "dataSubtype": "PII_LAST_NAME", |
| 138 | + "dataOperations": [ |
| 139 | + "VALUES_READ", |
| 140 | + "VALUES_SENT_OVER_NETWORK" |
| 141 | + ], |
| 142 | + "selectors": [ |
| 143 | + "#lastName" |
| 144 | + ] |
| 145 | + }, |
| 146 | + { |
| 147 | + "dataSubtype": "PII_ADDRESS", |
| 148 | + "dataOperations": [ |
| 149 | + "VALUES_READ" |
| 150 | + ], |
| 151 | + "selectors": [ |
| 152 | + "#address1, #city" |
| 153 | + ] |
| 154 | + }, |
| 155 | + { |
| 156 | + "dataSubtype": "PII_ZIP_CODE", |
| 157 | + "dataOperations": [ |
| 158 | + "VALUES_READ" |
| 159 | + ], |
| 160 | + "selectors": [ |
| 161 | + "#zipCode" |
| 162 | + ] |
| 163 | + }, |
| 164 | + { |
| 165 | + "dataSubtype": "PII_FIRST_NAME", |
| 166 | + "dataOperations": [ |
| 167 | + "VALUES_READ", |
| 168 | + "VALUES_SENT_OVER_NETWORK" |
| 169 | + ], |
| 170 | + "selectors": [ |
| 171 | + "#firstName" |
| 172 | + ] |
| 173 | + }, |
| 174 | + { |
| 175 | + "dataSubtype": "CREDIT_CARD_EXPIRATION_DATE", |
| 176 | + "dataOperations": [ |
| 177 | + "VALUES_READ" |
| 178 | + ], |
| 179 | + "selectors": [ |
| 180 | + "#checkInDate, #checkOutDate" |
| 181 | + ] |
| 182 | + }, |
| 183 | + { |
| 184 | + "dataSubtype": "CREDENTIALS_USERNAME", |
| 185 | + "dataOperations": [ |
| 186 | + "VALUES_READ", |
| 187 | + "VALUES_SENT_OVER_NETWORK" |
| 188 | + ], |
| 189 | + "selectors": [ |
| 190 | + ":nth-child(1) > :nth-child(1) > :nth-child(1) > :nth-child(2) > :nth-child(1) > :nth-child(2) > :nth-child(2)" |
| 191 | + ] |
| 192 | + } |
| 193 | + ], |
| 194 | + "threatIndicators": [ |
| 195 | + "SENSITIVE_DATA_READ", |
| 196 | + "SENSITIVE_DATA_EXFILTRATION" |
| 197 | + ] |
| 198 | + } |
| 199 | +} |
| 200 | +``` |
| 201 | +</details> |
| 202 | + |
| 203 | +### Sample queries |
| 204 | + |
| 205 | +```sql title="Total Alerts" |
| 206 | +_sourceCategory="Labs/AkamaiCPC" |
| 207 | +| json "cpcConfigId", "cpcAlertId", "cpcAlertLink", "cpcAlertType", "severityLevel", "cpcAlertStatus", "cpcAlertFlags", "alertTime", "firstSeenTime", "lastSeenTime","details.dataSubtypes[*].dataSubtype","details.threatIndicators","details.destination.destinationHostname","details.destination.vendor","details.destination.hostnameRiskScore","details.destination.destinationUrls","details.scriptSource.vendor","details.scriptSource.hostnameRiskScore","details.scriptSource.scriptOrigin","details.scriptSource.scriptUrls","details.scriptSource.scriptHostname","details.affectedSessionCount","details.dataSubtypes[*].dataOperations[*]" as cpc_config_id, cpc_alert_id, cpc_alert_link, cpc_alert_type, severity_level, cpc_alert_status, cpc_alert_flags, alert_time, first_seen_time, last_seen_time,data_sub_type, threat_indicators,destination_hostname,destination_vendor,destination_hostname_risk_score,destination_urls, source_script_vendor, source_hostname_risk_score, source_script_origin, source_script_urls,source_hostname,affected_session_count,data_operations nodrop |
| 208 | + |
| 209 | +// global filters |
| 210 | +| where cpc_config_id matches "{{cpc_config_id}}" |
| 211 | +| where severity_level matches "{{alert_severity}}" |
| 212 | +| where cpc_alert_status matches "{{alert_status}}" |
| 213 | +| where cpc_alert_type matches "{{alert_type}}" |
| 214 | + |
| 215 | +// panel specific |
| 216 | +| count by cpc_alert_id |
| 217 | +| count |
| 218 | +``` |
| 219 | + |
| 220 | +## Collection configuration and app installation |
| 221 | + |
| 222 | +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; |
| 223 | + |
| 224 | +<CollectionConfiguration/> |
| 225 | + |
| 226 | +:::important |
| 227 | +Use the [Cloud-to-Cloud Integration for Akamai CPC](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Akamai CPC app is properly integrated and configured to collect and analyze your Akamai CPC data. |
| 228 | +::: |
| 229 | + |
| 230 | +### Create a new collector and install the app |
| 231 | + |
| 232 | +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; |
| 233 | + |
| 234 | +<AppCollectionOPtion1/> |
| 235 | + |
| 236 | +### Use an existing collector and install the app |
| 237 | + |
| 238 | +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; |
| 239 | + |
| 240 | +<AppCollectionOPtion2/> |
| 241 | + |
| 242 | +### Use an existing source and install the app |
| 243 | + |
| 244 | +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; |
| 245 | + |
| 246 | +<AppCollectionOPtion3/> |
| 247 | + |
| 248 | +## Viewing Akamai CPC dashboards |
| 249 | + |
| 250 | +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; |
| 251 | + |
| 252 | +<ViewDashboards/> |
| 253 | + |
| 254 | +### Overview |
| 255 | + |
| 256 | +The **Akamai CPC - Overview ** dashboard provides a comprehensive snapshot of your client-side security posture and alert trends. It highlights alert volumes, severity levels, and configuration health over time, helping you quickly spot anomalies and areas needing attention. Security teams can monitor threat activity, identify impacted configurations, and understand common alert types. The dashboard also surfaces recurring risk indicators, such as compromised scripts, suspicious behavior, and sensitive data exposure, offering critical context for prioritizing incidents. By consolidating this information into one view, it enables faster threat response and more informed risk mitigation decisions. < br/><img src={useBaseUrl(' https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/Akamai+CPC/Akamai+CPC+-+Overview.png')} alt="Akamai-CPC-Overview" width="800"/> |
| 257 | + |
| 258 | +### Security Overview |
| 259 | + |
| 260 | +The **Akamai CPC - Security Overview ** dashboard provides deep visibility into client-side security risks, enabling proactive detection of suspicious behavior and policy violations. It highlights critical indicators such as data exfiltration attempts, access to suspicious domains, abnormal script activity, and insecure data transmissions. With detailed event tracking and contextual insights, it helps security teams identify hidden threats, assess exposure, and ensure compliance. The dashboard supports investigations into high-risk scenarios, including compromised code, misconfigurations, and attempts to bypass protections—helping organizations safeguard user data, enforce security policies, and protect client-side environments.< br/><img src={useBaseUrl(' https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/Akamai+CPC/Akamai+CPC+-+Security+Overview.png')} alt="Akamai-CPC-Security-Overview" width="800"/> |
| 261 | + |
| 262 | +## Create monitors for Akamai CPC app |
| 263 | + |
| 264 | +import CreateMonitors from '../../reuse/apps/create-monitors.md'; |
| 265 | + |
| 266 | +<CreateMonitors/> |
| 267 | + |
| 268 | +### Akamai CPC monitors |
| 269 | + |
| 270 | +| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |
| 271 | +|:--|:--|:--|:--| |
| 272 | +| `Critical Severity Alerts` | This alert is triggered when client-side protection detects an event with critical severity. It indicates a high-impact threat that requires immediate investigation and remediation to prevent potential exploitation or data compromise. | Critical | Count > 0 | |
| 273 | +| `Credentials Sent Over Network Activities` | This alert is triggered when user credentials, such as passwords, are detected being transmitted over the network. It highlights potential security gaps or data leakage risks and helps enforce best practices around credential handling and data protection. | Critical | Count > 0 | |
| 274 | + |
| 275 | +## Upgrade/Downgrade the Akamai CPC app (Optional) |
| 276 | + |
| 277 | +import AppUpdate from '../../reuse/apps/app-update.md'; |
| 278 | + |
| 279 | +<AppUpdate/> |
| 280 | + |
| 281 | +## Uninstalling the Akamai CPC app (Optional) |
| 282 | + |
| 283 | +import AppUninstall from '../../reuse/apps/app-uninstall.md'; |
| 284 | + |
| 285 | +<AppUninstall/> |
0 commit comments