Last updated
Ingress Requirements for direct SIEM push
Customers who receive inbound SIEM events and Automator device approval requests from the Keeper production environment can restrict ingress traffic to the IP addresses below.
CA / Canada Hosted Customers
35.182.155.224/32
35.182.216.11/32
15.223.136.134/32
JP / Tokyo Hosted Customers
35.74.131.237/32
54.150.11.204/32
52.68.53.105/32
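The following Python example is added here and is not Keeper's own code. It parses an allowlist in the region-heading-plus-CIDR layout used on this page and checks the source address of each inbound request in a collector log against it. The log layout, the `/siem/events` path and the function names are assumptions, and the log lines are constructed.

```python
import ipaddress

# Allowlist in the page's layout; only the CA and JP entries are reproduced here.
ALLOWLIST_TEXT = """\
CA / Canada Hosted Customers
35.182.155.224/32
35.182.216.11/32
15.223.136.134/32
JP / Tokyo Hosted Customers
35.74.131.237/32
54.150.11.204/32
52.68.53.105/32
"""

# Constructed log lines; the "timestamp source-ip request" layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 35.182.216.11 POST /siem/events
2024-05-01T10:00:07Z 203.0.113.50 POST /siem/events
2024-05-01T10:00:09Z 52.68.53.105 POST /siem/events
2024-05-01T10:00:12Z not-an-ip POST /siem/events
"""

def parse_allowlist(text):
    """Return [(network, region)]; lines not starting with a digit are region headings."""
    entries, region = [], "unlabelled"
    for line in filter(None, map(str.strip, text.splitlines())):
        if line[0].isdigit():
            entries.append((ipaddress.ip_network(line), region))  # raises on a bad CIDR
        else:
            region = line
    return entries

def region_for(source_ip, entries):
    """Return the allowlisted region for source_ip, or None (also for unparseable input)."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return None
    return next((r for net, r in entries
                 if net.version == addr.version and addr in net), None)

def audit(log_text, entries):
    """Return [(source_ip, region_or_None)] for each log line, in order."""
    return [(f[1], region_for(f[1], entries))
            for f in map(str.split, log_text.splitlines()) if len(f) >= 2]

if __name__ == "__main__":
    for ip, region in audit(SAMPLE_LOG, parse_allowlist(ALLOWLIST_TEXT)):
        print(f"{'allow ' if region else 'REJECT'} {ip:<15} {region or 'not in allowlist'}")
```

A source that does not parse as an IP address is treated as outside the allowlist, so a malformed log field is rejected, not skipped.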
After external logging is established, it may be paused automatically if the external system becomes unavailable and the number of events in the queue reaches a threshold of 50. If this happens, you must resume external logging manually after correcting the issue. We recommend setting up an alert for the "Paused Audit log Sync" event so that you are notified when external logging is paused.