Devo
Integrating Keeper SIEM push to Devo
Last updated
Integrating Keeper SIEM push to Devo
Last updated
Keeper supports event streaming into Devo deployments. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.
Devo uses a standard "Syslog" push capability over TCP.
Ports TCP Ports 514 and 6514 (TLS)
Fields Exported "audit_event", "username", "client_version", "remote_address", "channel", "result_code", "email", "to_username", "client_version_new","username_new", "file_format", "record_uid", "folder_uid", "folder_type", "shared_folder_uid", "attachment_id", "team_uid", "role_id"
Payload Format Pipe-delimited, e.g. "audit_event=login|username=bob@foo.com|..."
Important: Ensure that the endpoint is using a valid signed SSL certificate. Keeper's systems will refuse to connect to an invalid or self-signed endpoint. Also, ensure that your Devo server allows traffic from Keeper servers. See Firewall Configuration page.
