Monitoring Gateway events and integrating with your SIEM
KeeperPAM supports integration with your SIEM provider to provide real-time event logging and monitoring of all privileged access management activity. In the Keeper Admin Console, alerts can also be configured based on any event.
For more information on activating SIEM integration from the Keeper Enterprise guide:
See
Push over 200 different event types to any connected SIEM provider
Send alerts to email, SMS, Webhook, Slack or Microsoft Teams on any event trigger
Run custom reports from the Keeper Admin Console or CLI
Events related to KeeperPAM include:
Starting and stopping sessions, tunnels, remote browser isolation
Gateway lifecycle (online, offline, added/removed)
Connection lifecycle (creation, editing and deleting PAM resources)
As a KeeperPAM administrator, it is useful to receive alerts related to Gateway actions, such as when a Gateway goes offline (in case of server outage or system restart).
From the Admin Console, go to Reporting & Alerts > Alerts > select Event Types and set the recipient information.
Event alert details will include the name and UID of the affected Keeper gateway.
Email alerts contain event information
