Integrating Keeper SIEM event pushes to Azure Sentinel and Log Analytics
To use this method, in Azure go to Log Analytics workspaces > select your workspace > Classic "Agents Management". From there you can retrieve the Workspace ID and Key. Provide these two fields to Keeper to start streaming logs to the selected workspace.
Keeper will immediately start sending event data to the designated Azure Log Analytics workspace, under a custom table named Keeper_CL.
To view the logs, open the Log Analytics Workspace > Logs > select the Keeper_CL table.
If you need to troubleshoot the event log APIs, the below Python script will simulate the Keeper backend system sending event logs to your Azure environment. Replace the Workspace ID and Workspace Key before testing it.
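For reference when troubleshooting, here is an added example (not Keeper's own script) of how a signed request to the Azure Monitor HTTP Data Collector API is built, so you can check the SharedKey signature and the `Log-Type` header that produces the Keeper_CL table. It assumes the workspace accepts Data Collector API posts; the environment variable names and the sample event fields are constructed for illustration and are not Keeper's event schema.

```python
import base64, hashlib, hmac, json, os, urllib.request
from email.utils import formatdate

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"
# Constructed sample event; field names are illustrative, not Keeper's schema.
SAMPLE_EVENTS = [{"audit_event": "login", "username": "user@example.com",
                  "remote_address": "203.0.113.10"}]

def build_signature(workspace_id, workspace_key, content_length, rfc1123_date):
    """Return the SharedKey Authorization value for one POST."""
    string_to_sign = (f"POST\n{content_length}\napplication/json\n"
                      f"x-ms-date:{rfc1123_date}\n{RESOURCE}")
    # The workspace key is base64; the HMAC key is its decoded bytes.
    digest = hmac.new(base64.b64decode(workspace_key),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_request(workspace_id, workspace_key, events,
                  log_type="Keeper", rfc1123_date=None):
    """Return (url, headers, body). Log-Type 'Keeper' lands in Keeper_CL."""
    body = json.dumps(events).encode("utf-8")
    rfc1123_date = rfc1123_date or formatdate(usegmt=True)
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,  # must match the date that was signed
        "Authorization": build_signature(workspace_id, workspace_key,
                                         len(body), rfc1123_date),
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{RESOURCE}?api-version={API_VERSION}")
    return url, headers, body

def send(url, headers, body):
    """POST the events; HTTP 200 means the workspace accepted them."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.status

if __name__ == "__main__":
    # Hypothetical variable names; keeps the workspace key out of the file.
    ws_id = os.environ.get("KEEPER_TEST_WORKSPACE_ID")
    ws_key = os.environ.get("KEEPER_TEST_WORKSPACE_KEY")
    if ws_id and ws_key:
        print("HTTP status:", send(*build_request(ws_id, ws_key, SAMPLE_EVENTS)))
    else:
        print("Set KEEPER_TEST_WORKSPACE_ID and KEEPER_TEST_WORKSPACE_KEY first.")
```

A 403 response usually points to a wrong key or a signed date that differs from the `x-ms-date` header. New custom tables can take some time to appear in Logs after the first accepted post.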