# Alerts and SIEM Integration

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FEq6SQc0d9qYM8GwgiILa%2FKeeperPAM%20SIEM%20Integration.jpg?alt=media&#x26;token=6273343f-32b9-4c55-98a0-b47f3a24386c" alt=""><figcaption></figcaption></figure>

### Overview

KeeperPAM supports integration with your SIEM provider to provide real-time event logging and monitoring of all privileged access management activity. In the Keeper Admin Console, alerts can also be configured based on any event.

For more information on activating SIEM integration from the Keeper Enterprise guide:

* See [Reporting, Alerts & SIEM integration](https://app.gitbook.com/s/-LO5CAzpxoaEquZJBpYz/event-reporting)

### Features

* Push over 200 different event types to any connected SIEM provider
* Send alerts to email, SMS, Webhook, Slack or Microsoft Teams on any event trigger
* Run custom reports from the Keeper Admin Console or [Keeper Commander](https://docs.keeper.io/en/keeperpam/commander-cli/command-reference/reporting-commands#audit-report-command) CLI

### KeeperPAM Events

Events related to KeeperPAM include:

* Starting and stopping sessions, tunnels, remote browser isolation
* Gateway lifecycle (online, offline, added/removed)
* Connection lifecycle (creation, editing and deleting PAM resources)

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F7HKEvnUmuwxtqzWrtAEH%2FScreenshot%202025-02-22%20at%205.52.13%E2%80%AFPM.png?alt=media&#x26;token=317f6374-5d64-4e14-9f35-14a73822541c" alt=""><figcaption><p>KeeperPAM Events</p></figcaption></figure>

### Recommended Alerts

As a KeeperPAM administrator, it is useful to receive alerts related to Gateway actions, such as when a Gateway goes offline (in case of server outage or system restart).

From the Admin Console, go to **Reporting & Alerts** > **Alerts** > select Event Types and set the recipient information.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FCTid6ZraCYRFA0ZppXsp%2FScreenshot%202025-02-22%20at%206.49.59%E2%80%AFPM.png?alt=media&#x26;token=72c05446-21cc-41d5-9afb-b9e82be1de2e" alt=""><figcaption><p>Set Alert for Gateway Offline</p></figcaption></figure>

Event alert details will include the name and UID of the affected Keeper gateway.

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2F3dh5GtgJnyDtzJ0hjTfS%2FScreenshot%202025-02-22%20at%206.47.09%E2%80%AFPM.png?alt=media&#x26;token=b298b1d3-c69a-40b8-b14a-2ac845ac79a5" alt=""><figcaption><p>Gateway Offline Alert</p></figcaption></figure>

Email alerts contain event information

<figure><img src="https://762006384-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MJXOXEifAmpyvNVL1to%2Fuploads%2FJI6cxiJgIuhgFKkkKuYV%2FScreenshot%202025-02-23%20at%207.43.17%E2%80%AFAM.png?alt=media&#x26;token=ccf0ad22-a732-430a-b206-5b7d36df3cb6" alt=""><figcaption><p>Email Alert for Gateway Offline</p></figcaption></figure>

### Integrations

Keeper integrates with ITSM platforms for realtime ticket creation, alerting and incident response.

* [Jira ITSM](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/jira-itsm)
* [ServiceNow ITSM](https://docs.keeper.io/en/keeperpam/secrets-manager/integrations/servicenow-itsm)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/alerts-and-siem-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.