Akamai WAF

LAST UPDATED: FEB 11, 2025

Overview

Kona Web Application Firewall provides always-on and highly scalable protection against web application attacks including SQL injections, cross-site scripting, and remote file inclusion - while keeping application performance high. By leveraging the globally distributed Akamai Intelligent Platform, Kona Web Application Firewall scales automatically to defend against massive application attacks and frees companies from the complexities and investment in dedicated hardware.

D3 SOAR is providing REST operations to function with Akamai WAF.

Akamai WAF is available for use in:

D3 SOAR	V14.0.384+
Category	Network Security
Deployment Options	Option II, Option IV

Connection

To connect to Akamai WAF from D3 SOAR, follow this part to collect the required information below:

Parameter	Description	Example
Server URL	The Akamai WAF server URL.	https://***.***
Access Token	The Access Token required for Akamai WAF authentication.	*****
Client Token	The Client Token required for Akamai WAF authentication.	*****
Client Secret	The Client Secret required for Akamai WAF authentication.	*****
API Version	The API version to use defaults to v1. Commands like List Contract And Group, List Host Names, and List Endpoints use v2 with different applications.	v1

READER NOTE

Users need to add API connector in the portal and saved the necessary connector information, for more detail, visit Create authentication credentials (akamai.com)

Make sure the connector has read/write right to access needed API.

Permission Requirements

Ensure the connector has READ-WRITE permissions for Application Security and API Definition to execute further commands.

Refer to Configuring Akamai WAF to Work with D3 SOAR for detailed configuration.

Configuring Akamai WAF to Work with D3 SOAR

Log in to Akamai Control Center.
Navigate to the left Navigation menu > ACCOUNT ADMIN > Identity & Access, and Create API client to add an API connector.
Click Quick to add all APIs permitted to access. The Quick option will load all applications' APIs with the highest authorization.
Save the connector information in a text file, as the credentials will only be displayed once, then click Show additional details.
For more information, visit Create authentication credentials.
Verify you have READ-WRITE rights for Application Security and API Definition to execute further commands.
Click Users and API clients to view all active connectors.
Ensure the configuration is added before outputting command results.

Configuring D3 SOAR to Work with Akamai WAF

Log in to D3 SOAR.
Find the Akamai WAF integration.
1. Navigate to Configuration on the top header menu.
2. Click on the Integration icon on the left sidebar.
3. Type Akamai WAF in the search box to find the integration, then click it to select it.
4. Click + Connection, on the right side of the Connections section. A new connection window will appear.
Configure the following fields to create a connection to Akamai WAF.
1. Connection Name: The desired name for the connection.
2. Site: Specifies the site to use the integration connection. Use the drop-down menu to select the site. The Share to Internal Sites option enables all sites defined as internal sites to use the connection. Selecting a specific site will only enable that site to use the connection.
3. Recipient site for events from connections Shared to Internal Sites: This field is displayed when Share to Internal Sites is selected for the Site field, allowing selection of the internal site for deploying the integration connection.
4. Agent Name (Optional): Specifies the proxy agent required to build the connection. Use the dropdown menu to select the proxy agent from a list of previously configured proxy agents.
5. Description (Optional): Add a description for the connection.
6. Tenant (Optional): When configuring the connection from a master tenant site, users have the option to choose the specific tenant sites to share the connection with. Once this setting is enabled, users can filter and select the desired tenant sites from the dropdowns to share the connection.
7. Configure User Permissions: Defines which users have access to the connection.
8. Active: Check the checkbox to ensure the connection is available for use.
9. System: This section contains the parameters defined specifically for the integration. These parameters must be configured to create the integration connection.
  1. Input the domain level Server URL.
  2. Input the Access Token from the Akamai WAF platform. Refer to step 3 of Configuring Akamai WAF to Work with D3 SOAR.
  3. Input the Client Token from the Akamai WAF platform. Refer to step 3 of Configuring Akamai WAF to Work with D3 SOAR.
  4. Input the Client Secret from the Akamai WAF platform. Refer to step 3 of Configuring Akamai WAF to Work with D3 SOAR.
  5. Input the API Version. The default value is v1.
10. Enable Password Vault: An optional feature that allows users to take the stored credentials from their own password vault. Refer to the password vault connection guide if needed.
11. Connection Health Check: Periodically checks the connection status by scheduling the Test Connection command at the specified interval (in minutes). Available only for active connections, this feature also allows configuring email notifications for failed attempts.
Test the connection.
1. Click on the Test Connection button to verify credentials and connectivity. A success alert displays Passed with a green checkmark. If the connection fails, review the parameters and retry.
2. Click OK to close the alert window.
3. Click + Add to create and add the configured connection.

Commands

Akamai WAF includes the following executable commands for users to set up schedules or create playbook workflows. With the Test Command, you can execute these commands independently for playbook troubleshooting.

Integration API Note

For more information about the Akamai WAF API, Refer to the Akamai WAF API reference.

READER NOTE

Certain permissions are required for each command. Refer to the Permission Requirements and Configuring Akamai WAF to Work with D3 SOAR for details.

Note for Time-related parameters

The input format of time-related parameters may vary based on your account settings. As a result, the sample data provided in our commands is different from what you see. To set your preferred time format, follow these steps:

Navigate to Configuration > Application Settings. Select Date/Time Format.
Choose your desired date and time format.

After that, users will be able to view their preferred time format when configuring the DateTime input parameters for commands.

Create Custom Deny Action

Creates a new custom deny action for a specific configuration version.

READER NOTE

Configuration ID and Version Number are required parameters to run this command.

Run the List Configurations command to obtain the Configuration ID. Configuration IDs can be found in the raw data returned at the path $.configurations[*].id.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data returned at the path $.versionList[*].version.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration. Configuration ID can be obtained using the List Configurations command.	*****
Version Number	Required	The unique identifier which must be the last created version of a configuration. Version Number can be obtained using the List Configuration Version command.	1
Description	Optional	The description of the custom deny action.	test description
Deny Action Name	Required	The name assigned to the custom deny action.	new custom deny
Prevent Browser Caching	Required	Whether nothing from the requesting browser is cached.	True
Response Status Code	Required	The numerical response of the status code for your custom deny. The default response status code is 403. You can enter any numerical value between 100 and 999.	200
Response Content Type	Required	The response body: application/xml; application/json; text/html; text/xml or create your own content type.	application/json
Response Body Content	Required	The body of your application/json or application/xml response.	application/xml
Options	Optional	The options allowing users to add more details such as response header. Refer to Deny name values for more information.	JSON `[ { "name": "custom_deny_path", "value": "/software/htp/cics/index.html" }, { "name": "include_reference_id", "value": true }, { "name": "include_true_ip", "value": true }, { "name": "response_header_name", "value": "testheader" }, { "name": "response_header_value", "value": "server: Apache" } ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Create Custom Deny Action failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Create Custom Deny Action failed.

Status Code: 400.

Message: Server Url is not valid in format.

Fetch Event

Returns activity data based on specified filters.

READER NOTE

The parameter Configuration IDs is required to run this command.

Run the List Configurations command to obtain Configuration IDs. Configuration IDs can be found in the raw data at the path $.configurations[*].id.

Input

Input Parameter	Required/Optional	Description	Example
Start Time	Required	The start of the date range for events in UTC time.	2022-04-24 00:00
End Time	Optional	The end of the date range for events in UTC time.	2022-05-24 00:00
Configuration IDs	Required	The unique identifier for each configuration. Configuration IDs can be obtained using the List Configurations command.	JSON `[***, ***]`
Number of Event(s) Fetched	Optional	The maximum number of activity data to be returned. Leaving this field blank will return a default of 10000 records. The maximum value is 600000. If the input is blank or 0, this command will return all events that match the given time period, which may exceed the default limit of 10000 or 600000.	2

Output

To view the sample output data for all commands, refer to this article.

Fetch Event Field Mapping

Note that Fetch Event commands require event field mapping. Field mapping plays a key role in the data normalization process part of the event pipeline. Field mapping converts the original data fields from the different providers to the D3 fields which are standardized by the D3 Model. Refer to Event and Incident Intake Field Mapping for details.

To customize field mapping, click + Add Field and add the custom field of your choice. You can also remove built-in field mappings by clicking x. Note that two underscore characters will automatically prefix the defined Field Name as the System Name for a custom field mapping. Additionally, if an input Field Name contains any spaces, they will automatically be replaced with underscores for the corresponding System Name.

As a system integration, the Akamai WAF integration has some pre-configured field mappings for default field mapping.

Default Event Source
The Default Event Source is the default set of field mappings that are applied when this fetch event command is executed. For out-of-the-box integrations, you will find a set of field mapping provided by the system. Default event source provides field mappings for common fields from fetched events. The default event source has a “Main Event JSON Path” (i.e., $) that is used to extract a batch of events from the response raw data. Click Edit Event Source to view the “Main Event JSON Path”.
- Main Event JSON Path: $
  The Main Event JSON Path determines the root path where the system starts parsing raw response data into D3 event data. The JSON path begins with $, representing the root element. The path is formed by appending a sequence of child elements to $, each separated by a dot (.). Square brackets with nested quotation marks ([‘...’]) should be used to separate child elements in JSON arrays.
  For example, the root node of a JSON Path is $. The child node denoting the Unique Event Key field would be httpMessage.requestId. Putting it together, the JSON Path expression to extract the Unique Event Key is $.httpMessage.requestId.

The pre-configured field mappings are detailed below:

Field Name	Source Field
Unique Event Key	.httpMessage.requestId
Event Type	.type
Start Time	.httpMessage.start
Event name	.eventName
ASNGeoSrc	.geo.asn
SourceCountry	.geo.country
Source City	.geo.city
Source IP address	.attackData.clientIP
Rule name	.attackDataDetails.ruleMessages
Rule ID	.attackDataDetails.rules
Rule Actions	.attackDataDetails.ruleActions

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Fetch Event failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Fetch Event failed.

Status Code: 400.

Message: Server Url is not valid in format.

Get Custom Deny Action

Retrieves a custom deny action for a specific configuration version.

READER NOTE

Configuration ID, Version Number and Custom Deny ID are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data returned at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data returned at the path $.versionList[*].version.
Run the List Custom Deny Action command to obtain the Custom Deny ID. Custom Deny IDs can be found in the raw data returned at the path $.customDenyList[*].id.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier which must be the last created version of a configuration. Version Number can be obtained using the List Configuration Version command.	1
Custom Deny ID	Required	The unique identifier for each custom deny action. Custom Deny ID can be obtained using the List Custom Deny Action command.	JSON `["*****"]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Get Custom Deny Action failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Get Custom Deny Action failed.

Status Code: 400.

Message: Server Url is not valid in format.

Get Rate Policy

Returns the specified rate policy.

READER NOTE

Configuration ID, Version Number and Rate Policy ID are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data returned at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data returned at the path $.versionList[*].version.
Run the List Rate Policies command to obtain the Rate Policy ID. Rate Policy IDs can be found in the raw data returned at the path $.ratePolicies[*].id.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier for each version of the configuration. Version Number can be obtained using the List Configuration Version command.	1
Rate Policy ID	Required	The unique identifier for each rate policy. Rate Policy ID can be obtained using the List Rate Policies command.	CODE `[*****]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Get Rate Policy failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Get Rate Policy failed.

Status Code: 400.

Message: Server Url is not valid in format.

Get Security Policy

Returns the specified security policy.

READER NOTE

Configuration ID, Version Number and Rate Policy ID are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data returned at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data returned at the path $.versionList[*].version.
Run the List Security Policy command to obtain the Rate Policy ID. Rate Policy IDs can be found in the raw data returned at the path $.policies[*].policyId.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier for each version of the configuration. Version Number can be obtained using the List Configuration Version command.	1
Policy ID	Required	The unique identifier for each security policy. Policy ID can be obtained using the List Security Policy command.	CODE `["*****"]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Get Security Policy failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Get Security Policy failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Configurations

Lists available security configurations.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Configurations failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Configurations failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Configuration Version

Lists available versions for the specified security configuration, with results optionally paginated.

READER NOTE

Configuration ID is a required parameter to run this command.

Run the List Configuration command to obtain the Configuration ID. Configuration IDs can be found in the raw data at the path $.versionList[*].configId.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration to get versions. Configuration ID can be obtained using the List Configuration command.	*****
Page	Optional	The index of the result page.	1
Page Size	Optional	The number of items on each result page.	10
Detail	Required	The results contain detailed information on versions, when select to True. When select to False, the results contain summary information on the versions.	True

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List ConfigurationVersion failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List ConfigurationVersion failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Contract and Group

Lists the contracts and groups for your account. This command provides information for creating a new security configuration or getting a list of hostnames.

Input

N/A

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Contract And Group failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Contract And Group failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Custom Deny Action

Creates a new custom deny action for a specific configuration version.

READER NOTE

Configuration ID and Version Number are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data at the path $.versionList[*].version.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration to list custom deny action. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier which must be the last created version of a configuration. Version Number can be obtained using the List Configuration Version command.	6
Search	Optional	The results are filtered by name, description, or ID. You can match on substrings.	*****

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Custom Deny Action failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Custom Deny Action failed.

Status Code: 403.

Message: Server Url is not valid in format.

List Endpoints

Lists the available API endpoints, with results optionally paginated, sorted, and filtered. If no endpoints are available, the operation returns an empty array.

READER NOTE

Contract ID and Group ID are required parameters to run this command.

Run the List Contract and Group command to obtain the Contract ID. Contract IDs can be found in the raw data returned at the path $[*].contractId.
Run the List Contract and Group command to obtain the Group ID. Group IDs can be found in the raw data returned at the path $[*].groupId.

Input

Input Parameter	Required/Optional	Description	Example
Page	Optional	The index of page numbers, starting at the default value of 1 up to 1000 maximum.	1
Page Size	Optional	The number of endpoints on each page of results. 25 by default, up to 1000 maximum.	30
Category	Optional	The endpoints filtered by the specified "apiCategoryName", including the __UNCATEGORIZED__ keyword.	__UNCATEGORIZED__
Contains	Optional	The search query substring criteria matching the endpoint's name, description, basePath, apiCategoryName, and resourcePath.	sample
Sort By	Required	The field to sort endpoints by either the Name (corresponding to the "apiEndPointName" member) or the Updated Date. The default value is Name.	name
Sort Order	Required	The sort order. The available options are Ascending and Descending.	asc
Version Preference	Required	The preference for selecting the endpoint version to return. By default the API returns the LAST_UPDATED version. If you set the preference to ACTIVATED_FIRST, the API first attempts to return the version currently active on the production network. If such a version doesn't exist, the API attempts to return the version currently active on the staging network. If both of these checks fail, the API returns the last updated version.	LAST_UPDATED
Show	Required	The type of endpoints to return based on their visibility status. By default, the API returns ALL endpoints. You can instead decide to return ONLY_VISIBLE endpoints, or ONLY_HIDDEN endpoints. Run the Show an endpoint and Hide an endpoint operation to control which endpoints are listed.	ALL
Contract ID	Required	The contract ID to retrieve the list of endpoints. Contract ID can be obtained using the List Contract and Group command.	*****
Group ID	Required	The group ID to retrieve the list of endpoints. Group ID can be obtained using the List Contract and Group command.	*****

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Endpoints failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Endpoints failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Host Names

Lists all hostnames through which API consumers can access an endpoint service under a given contract and group pairing.

READER NOTE

Group ID and Contract ID are required parameters to run this command.

Run the List Contract and Group command to obtain the Group ID. Group IDs can be found in the raw data returned at the path $[*].groupId.
Run the List Contract and Group command to obtain the Contract ID. Contract IDs can be found in the raw data returned at the path $[*].contractId.

Input

Input Parameter	Required/Optional	Description	Example
Group ID	Required	The group ID to retrieve the list of Host names. Group ID can be obtained using the List Contract and Group command.	*****
Contract ID	Required	The contract ID to retrieve the list of Host names. Contract ID can be obtained using the List Contract and Group command.	*****

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Host Names failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Host Names failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Rate Policies

Returns rate policies for a specific security configuration version.

READER NOTE

Configuration ID and Version Number are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data at the path $.versionList[*].version.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for the configuration used to list rate policies. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier for each version of a configuration. Version Number can be obtained using the List Configuration Version command.	1

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Rate Policies failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Rate Policies failed.

Status Code: 400.

Message: Server Url is not valid in format.

List Security Policy

Returns a list of security policies available for the specified security configuration.

READER NOTE

Configuration ID and Version Number are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data at the path $.versionList[*].version.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration used to list security policies. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier for each version of a configuration. Version Number can be obtained using the List Configuration Version command.	1
Detail	Required	When enabled, the response features a richer set of data than the default, which includes only the name and ID of each item.	True
Matched Target	Required	If true, returns all security policies in the configuration version that don't have a match target. If false, return all security policies in the configuration version.	False

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	List Security Policy failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 403.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

List Security Policy failed.

Status Code: 403.

Message: Server Url is not valid in format.

Modify Custom Deny Action

Updates details for a specific custom deny action.

READER NOTE

Configuration ID, Version Number and Custom Deny ID are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data returned at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data returned at the path $.versionList[*].version.
Run the List Custom Deny Action command to obtain the Custom Deny ID. Custom Deny IDs can be found in the raw data returned at the path $.customDenyList[*].id.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration used to modify custom actions. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier which must be the last created version of a configuration. Version Number can be obtained using the List Configuration Version command.	1
Custom Deny ID	Required	The unique identifier for each custom deny action. Custom Deny ID can be obtained using the List Custom Deny Action command.	*****
Description	Optional	The description of the custom deny action.	test description
Deny Action Name	Required	The name assigned to the custom deny action.	new custom deny
Prevent Browser Caching	Required	Whether nothing from the requesting browser is cached.	True
Response Status Code	Required	The numerical response of the status code for your custom deny. The default response status code is 403. You can enter any numerical value between 100 and 999.	200
Response Content Type	Required	The response body: application/xml; application/json; text/html; text/xml or create your own content type.	application/json
Response Body Content	Required	The body of your application/json or application/xml response.	application/xml
Options	Optional	The options that allow users to add more details such as response header. Refer to Deny name values for more information.	JSON `[ { "name": "custom_deny_path", "value": "/software/htp/cics/index.html" }, { "name": "include_reference_id", "value": true }, { "name": "include_true_ip", "value": true }, { "name": "response_header_name", "value": "testheader" }, { "name": "response_header_value", "value": "server: Apache" } ]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Modify Custom Deny Action failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Modify Custom Deny Action failed.

Status Code: 400.

Message: Server Url is not valid in format.

Remove Custom Deny Action

Deletes a custom deny action. A custom deny action that is actively in use cannot be deleted. To delete the custom deny action, first activate an older configuration version or create a new version which is editable.

READER NOTE

Configuration ID, Version Number and Custom Deny ID are required parameters to run this command.

Run the List Configuration Version command to obtain the Configuration ID. Configuration IDs can be found in the raw data at the path $.versionList[*].configId.
Run the List Configuration Version command to obtain the Version Number. Version Numbers can be found in the raw data at the path $.versionList[*].version.
Run the List Custom Deny Action command to obtain the Custom Deny ID. Custom Deny IDs can be found in the raw data at the path $.customDenyList[*].id.

Input

Input Parameter	Required/Optional	Description	Example
Configuration ID	Required	The unique identifier for each configuration used to remove the custom deny action. Configuration ID can be obtained using the List Configuration Version command.	*****
Version Number	Required	The unique identifier which must be the last created version of a configuration. Version Number can be obtained using the List Configuration Version command.	1
Custom Deny ID	Required	The unique identifier for each custom deny action. Custom Deny ID can be obtained using the List Custom Deny Action command.	JSON `["*****"]`

Output

To view the sample output data for all commands, refer to this article.

Error Handling

If the Return Data is Partially Successful or Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Remove Custom Deny Action failed.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Remove Custom Deny Action failed.

Status Code: 400.

Message: Server Url is not valid in format.

Test Connection

Allows you to perform a health check on an integration connection. You can schedule a periodic health check by selecting Connection Health Check when editing an integration connection.

Input

N/A

Output

Output Type

Description

Return Data Type

Return Data

Indicates one of the possible command execution states: Successful or Failed.

The Failed state can be triggered by any of the following errors:

A connection issue with the integration
The API returned an error message
No response from the API

You can view more details about an error in the Error tab.

String

Error Handling

If the Return Data is Failed, an Error tab will appear in the Test Result window.

The error tab contains the details responded from D3 SOAR or third-party API calls, including Failure Indicator, Status Code, and Message. This can help you locate the root cause of a command failure.

Parts in Error	Description	Example
Failure Indicator	Indicates the command failure that happened at a specific input and/or API call.	Test Connection failed. Failed to check the connector.
Status Code	The response code issued by the third-party API server or the D3 SOAR system that can be used to locate the corresponding error category. For example, if the returned status code is 401, the selected connection is unauthorized to run the command. The user or system support would need to check the permission setting in the Akamai WAF portal. Refer to the HTTP Status Code Registry for details.	Status Code: 400.
Message	The raw data or captured key error message from the integration API server about the API request failure.	Message: Server Url is not valid in format.

Error Sample Data

Test Connection failed. Failed to check the connector.

Status Code: 400.

Message: Server Url is not valid in format.