Elastic
Integrating Keeper SIEM push to Elastic
Keeper supports event streaming into Elastic deployments. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.

Elastic integration uses a TCP push to the destination endpoint. The fields required are:
- Host (e.g. mycompany.gcp.cloud.us.io:9243)
- Search Index (e.g. keeper)
- API Key
Please refer to the Elastic documentation for generating an API key.
Important: Ensure that the endpoint uses a valid, signed SSL certificate whose subject name matches the endpoint's domain. The endpoint must also present the full certificate chain from your CA. Keeper's systems will refuse to connect to an endpoint that uses a self-signed certificate.
Also, ensure that your Elastic server allows traffic from Keeper servers. See the Firewall Configuration page.
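The certificate requirements above can be checked before saving the configuration. The script below is an added example, not Keeper's own tooling: it performs a fully verified TLS handshake against the Host value and reports which requirement failed. It assumes Python's default trust store is a reasonable stand-in for the public CAs Keeper trusts; the function names are illustrative.

```python
import socket
import ssl
import sys

# OpenSSL verification codes mapped to the requirements stated above.
REASONS = {
    10: "certificate has expired",
    18: "self-signed certificate",
    19: "self-signed certificate in chain (root is not publicly trusted)",
    20: "issuer not found: the server is probably not sending the full chain",
    21: "issuer not found: the server is probably not sending the full chain",
    62: "certificate does not match the host name",
}


def split_host_port(value):
    """Split the Host field (host:port) as it is entered in the setup form."""
    host, sep, port = value.strip().rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("expected host:port, e.g. mycompany.gcp.cloud.us.io:9243")
    return host, int(port)


def check_endpoint(value, timeout=5.0):
    """Return (ok, detail) after a TLS handshake with full verification."""
    host, port = split_host_port(value)
    # Default context: chain validation required and host name checked.
    # Python does not fetch missing intermediates, so an incomplete chain fails.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, f"{tls.version()} handshake verified for {host}"
    except ssl.SSLCertVerificationError as exc:
        reason = REASONS.get(exc.verify_code, exc.verify_message)
        return False, f"certificate rejected: {reason}"
    except ssl.SSLError as exc:
        return False, f"TLS failure: {exc.reason}"
    except OSError as exc:
        # DNS failure, timeout, or a firewall refusing the connection.
        return False, f"cannot connect: {exc}"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_endpoint.py host:port")
    ok, detail = check_endpoint(sys.argv[1])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

A pass from your own network confirms the certificate only; it does not show that Keeper's servers are allowed through your firewall.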