Alerts and SIEM Integration

Monitoring Gateway events and integrating with your SIEM

Overview

KeeperPAM supports integration with your SIEM provider to provide real-time event logging and monitoring of all privileged access management activity. In the Keeper Admin Console, alerts can also be configured based on any event.

For more information on activating SIEM integration from the Keeper Enterprise guide:

Features

  • Push over 200 different event types to any connected SIEM provider

  • Send alerts to email, SMS, Webhook, Slack or Microsoft Teams on any event trigger

  • Run custom reports from the Keeper Admin Console or Keeper Commander CLI

KeeperPAM Events

Events related to KeeperPAM include:

  • Starting and stopping sessions, tunnels, remote browser isolation

  • Gateway lifecycle (online, offline, added/removed)

  • Connection lifecycle (creation, editing and deleting PAM resources)

KeeperPAM Events

Recommended Alerts

As a KeeperPAM administrator, it is useful to receive alerts related to Gateway actions, such as when a Gateway goes offline (in case of server outage or system restart).

From the Admin Console, go to Reporting & Alerts > Alerts > select Event Types and set the recipient information.

Set Alert for Gateway Offline

Event alert details will include the name and UID of the affected Keeper gateway.

Gateway Offline Alert

Email alerts contain event information

Email Alert for Gateway Offline

PreviousAuto UpdaterNextAdvanced Configuration

Last updated

Was this helpful?