[New Filebeat Input] Akamai

.github/CODEOWNERS

@@ -125,6 +125,7 @@ changelog/fragments/
 /x-pack/filebeat @elastic/elastic-agent-data-plane
 /x-pack/filebeat/docs/ # Listed without an owner to avoid maintaining doc ownership for each input and module.
 /x-pack/filebeat/docs/inputs/input-salesforce.asciidoc @elastic/obs-infraobs-integrations
+/x-pack/filebeat/input/akamai/ @elastic/security-service-integrations
 /x-pack/filebeat/input/awscloudwatch/ @elastic/obs-ds-hosted-services
 /x-pack/filebeat/input/awss3/ @elastic/obs-ds-hosted-services
 /x-pack/filebeat/input/azureblobstorage/ @elastic/security-service-integrations

.gitignore

@@ -2,6 +2,7 @@
 /.vagrant
 /.idea
 /.vscode
+/.cursor
 /build
 /*/*.template*.json
 **/html_docs

changelog/fragments/1771333713-add-akamai-siem-input.yaml

@@ -0,0 +1,53 @@
+# REQUIRED
+# Kind can be one of:
+# - breaking-change: a change to previously-documented behavior
+# - deprecation: functionality that is being removed in a later release
+# - bug-fix: fixes a problem in a previous version
+# - enhancement: extends functionality but does not break or fix existing behavior
+# - feature: new functionality
+# - known-issue: problems that we are aware of in a given version
+# - security: impacts on the security of a product or a user's deployment.
+# - upgrade: important information for someone upgrading from a prior version
+# - other: does not fit into any of the other categories
+kind: feature
+
+# REQUIRED for all kinds
+# Change summary; a 80ish characters long description of the change.
+summary: Add Akamai SIEM API input with v2.Input architecture, batch PublishAll, and ACK-based cursor persistence.
+
+# REQUIRED for breaking-change, deprecation, known-issue
+# Long description; in case the summary is not enough to describe the change
+# this field accommodate a description without length limits.
+description: |
+  Add a new dedicated Akamai input to Filebeat for collecting security events
+  from the Akamai SIEM v1 API. The input implements v2.Input directly (not
+  inputcursor) with batch event publishing via PublishAll, decoupled cursor
+  persistence via ACK callbacks, and a chain-based recovery model. NDJSON events
+  are streamed line-by-line through a bounded channel with zero-copy passthrough.
+  EdgeGrid HMAC-SHA256 authentication is built into the client. Includes rate
+  limiting, comprehensive metrics, and structured recovery for offset expiry,
+  invalid timestamps, and lookback boundary clamping.
+
+# REQUIRED for breaking-change, deprecation, known-issue
+# impact:
+
+# REQUIRED for breaking-change, deprecation, known-issue
+# action:
+
+# REQUIRED for all kinds
+# Affected component; usually one of "elastic-agent", "fleet-server", "filebeat", "metricbeat", "auditbeat", "all", etc.
+component: filebeat
+
+# AUTOMATED
+# OPTIONAL to manually add other PR URLs
+# PR URL: A link the PR that added the changeset.
+# If not present is automatically filled by the tooling finding the PR where this changelog fragment has been added.
+# NOTE: the tooling supports backports, so it's able to fill the original PR number instead of the backport PR number.
+# Please provide it if you are adding a fragment for a different PR.
+pr: https://github.com/elastic/beats/pull/48846
+
+# AUTOMATED
+# OPTIONAL to manually add other issue URLs
+# Issue URL; optional; the GitHub issue related to this changeset (either closes or is part of).
+# If not present is automatically filled by the tooling with the issue linked to the PR number.
+# issue: https://github.com/owner/repo/1234

docs/reference/filebeat/configuration-filebeat-options.md

@@ -57,6 +57,7 @@ To fetch all files from a predefined level of subdirectories, use this pattern:
 
 You can configure Filebeat to use the following inputs:
 
+* [Akamai](/reference/filebeat/filebeat-input-akamai.md)
 * [AWS CloudWatch](/reference/filebeat/filebeat-input-aws-cloudwatch.md)
 * [AWS S3](/reference/filebeat/filebeat-input-aws-s3.md)
 * [Azure Event Hub](/reference/filebeat/filebeat-input-azure-eventhub.md)