Alerts and SIEM Integration

Overview

KeeperPAM supports integration with your SIEM provider to provide real-time event logging and monitoring of all privileged access management activity. In the Keeper Admin Console, alerts can also be configured based on any event.

For more information on activating SIEM integration from the Keeper Enterprise guide:

• See Reporting, Alerts & SIEM integration

Features

• Push over 200 different event types to any connected SIEM provider

• Send alerts to email, SMS, Webhook, Slack or Microsoft Teams on any event trigger

• Run custom reports from the Keeper Admin Console or Keeper Commander CLI

KeeperPAM Events

Events related to KeeperPAM include:

• Starting and stopping sessions, tunnels, remote browser isolation

• Gateway lifecycle (online, offline, added/removed)

• Connection lifecycle (creation, editing and deleting PAM resources)

Recommended Alerts

As a KeeperPAM administrator, it is useful to receive alerts related to Gateway actions, such as when a Gateway goes offline (in case of server outage or system restart).

From the Admin Console, go to Reporting & Alerts > Alerts > select Event Types and set the recipient information.

Event alert details will include the name and UID of the affected Keeper gateway.

Email alerts contain event information

Integrations

Keeper integrates with ITSM platforms for realtime ticket creation, alerting and incident response.

• Jira ITSM

• ServiceNow ITSM