Keeper supports event streaming into an Amazon S3 bucket. Setup instructions are below.
Copy {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::name_of_bucket/*"
]
}
]
}
Files will be posted only when events occur during the interval. In the example below, the json files are posted every hour when there is activity in the system.
Copy <165>1 2023-10-30T02:18:43.776Z keepersecurity.jp keeper - - - {"audit_event":"device_user_approval_requested","device_name":"iPhone","remote_address":"12.34.56.78","category":"security","client_version":"iPhone.16.9.4","username":"craig@keeperdemo.io","enterprise_id":50,"client_version_new":true}^M
<165>1 2023-10-30T02:19:19.587Z keepersecurity.jp keeper - - - {"audit_event":"device_approved","device_name":"iPhone","remote_address":"12.34.56.78","category":"security","client_version":"iPhone.16.9.4","username":"craig@keeperdemo.io","enterprise_id":50}^M
<165>1 2023-10-30T02:19:51.774Z keepersecurity.jp keeper - - - {"audit_event":"login","channel":"PASS","remote_address":"12.34.56.78","category":"login","client_version":"iPhone.16.9.4","username":"craig@keeperdemo.io","enterprise_id":50}^M
Copy [{"audit_event":"login","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:17.545Z","username":"craig@keeperdemo.io","enterprise_id":67241},{"audit_event":"login","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:27.200Z","username":"craig@keeperdemo.io","enterprise_id":67241},{"audit_event":"login","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:22.740Z","username":"craig@keeperdemo.io","enterprise_id":67241},{"record_uid":"ac3QeHmeGz6Jyb7wnuHnfQ","audit_event":"open_record","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:56.634Z","username":"craig@keeperdemo.io","enterprise_id":67241},{"record_uid":"ac3QeHmeGz6Jyb7wnuHnfQ","audit_event":"fast_fill","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:56.634Z","username":"craig@keeperdemo.io","enterprise_id":67241}]
Copy audit_event, name, remote_address, category, client_version, timestamp, username, enterprise_id
audit_sync_setup, s3, 12.34.56.78, policy, EMConsole.16.15.3, 1698759022585, craig@keeperdemo.io, 50
role_created, , 12.34.56.78, policy, EMConsole.16.15.3, 1698759049640, craig@keeperdemo.io, 50
role_enforcement_changed, , 12.34.56.78, policy, EMConsole.16.15.3, 1698759049876, craig@keeperdemo.io, 50
added_to_role, , 12.34.56.78, security, EMConsole.16.15.3, 1698759136968, craig@keeperdemo.io, 50
added_to_role, , 12.34.56.78, security, EMConsole.16.15.3, 1698759136979, craig@keeperdemo.io, 50
lock_user, , 12.34.56.78, security, EMConsole.16.15.3, 1698759169004, craig@keeperdemo.io, 50
added_to_role, , 12.34.56.78, security, EMConsole.16.15.3, 1698759134936, craig@keeperdemo.io, 50