KeeperAI
AI-powered threat detection for KeeperPAM privileged sessions
Last updated
Was this helpful?
KeeperPAM and Secrets Manager
AI-powered threat detection for KeeperPAM privileged sessions
Last updated
Was this helpful?
KeeperAI is an Agentic AI-powered threat detection system that automatically monitors and analyzes user sessions to identify suspicious or malicious behavior. The system, which is built using a Sovereign AI framework, works at the gateway level to generate real-time risk analyses from session recordings, helping security teams quickly detect potential threats.
Automated Session Analysis: Analyze session metadata, keystroke logs, and command execution logs to detect unusual behavior
Search: Provides searching across the sessions to locate specific keywords or activity
Threat Classification: Automatically categorize detected threats and assign risk levels
Flexible Deployment: Support for both cloud-based and on-premises LLM inference
Customizable Configuration: Adjust risk parameters and detection rules to your environment
Current Support
SSH
Coming Soon
Database protocols
RDP
VNC
RBI
PAM Gateway version 1.5.4 or newer
Docker environment for on-premises deployments
Access to LLM inference services (See supported LLM provider options below)
Activating KeeperAI on a Resource
Log in to the Vault UI as an administrator
Navigate to the resource management section
Select the SSH-based resource you want to protect
Find the "KeeperAI" section and toggle the activation switch to "On"
Save your changes
Note: For protocols not yet supported, the UI will indicate that classification models for these protocols are coming soon.
KeeperAI leverages Large Language Models (LLMs) to power its threat detection capabilities. The PAM Gateway communicates with any LLM of your choice to analyze session data and generate intelligent security insights. This integration is fundamental to KeeperAI's ability to detect suspicious patterns and provide detailed session summaries.
KeeperAI is designed to work with multiple LLM providers, giving you flexibility in your deployment:
KeeperAI uses a proprietary classifier to categorize threats into risk levels:
Critical: Severe security threats requiring immediate action
High: Significant security concerns that should be addressed promptly
Medium: Potential security issues requiring monitoring
You can configure automatic responses based on detected threat levels:
Navigate to the KeeperAI configuration section
Define pattern matching keywords using regex
Assign these patterns to Critical, High, or Medium threat levels
Optionally enable automatic session termination for specific threat levels
Each analyzed session receives an AI-generated summary:
Access the Session Recordings section in the Vault UI
Select a session with KeeperAI analysis
View the risk assessment, including:
Overall risk level
Detected threat categories
Detailed session summary
Timeline of suspicious activities
Adjust the sensitivity and specifics of threat detection:
Access the KeeperAI configuration page
Modify the threshold settings for different threat categories
Update keyword patterns for specific threats
Save your configuration changes
KeeperAI automatically generates ARAM events for detected threats, enabling integration with your existing security workflow.
Missed Detections: Adjust sensitivity thresholds or add custom keyword patterns
False Positives: Refine pattern matching rules or adjust risk thresholds
Performance Issues: Check resource allocation for on-premises LLM deployments
For additional assistance with KeeperAI, email pam@keepersecurity.com.
Q: Can I use my own LLM model with KeeperAI?
A: Yes, KeeperAI supports any provider implementing the OpenAI /chat/completions API endpoint
Q: Does KeeperAI work in real-time? A: Yes, KeeperAI can analyze both real-time sessions and completed session recordings using the same analysis logic.
Q: How does KeeperAI handle sensitive information? A: In a later release, KeeperAI will include Personally Identifiable Information (PII) detection and removal from session summaries.
