功能: SIEM 集成

Seamless SIEM integration for real-time visibility and threat response

Keeper's SIEM integration, powered by the Advanced Reporting & Alerts Module (ARAM), delivers full visibility, real-time alerting and audit-ready reporting.

开始免费体验
Keeper Admin Console 'External Logging' page with tiles for integrations like Amazon S3, Splunk, Elastic, Datadog, and Microsoft Sentinel.

Actionable insights, delivered in real time

Keeper Admin Console filter menu listing event categories (like Account Password Reset, Admin Permission, BreachWatch, and Login) with checkboxes and counts.

Reporting engine

Run custom reports across 300+ event types, including security events, admin actions, Privileged Access Management (PAM) activity and more. Filter by user, record UID, IP address, location and other attributes to surface what matters most.

Integrated IT Service Management (ITSM) ticketing

Keeper integrates with platforms like ServiceNow, Jira and Salesforce to automatically generate tickets from real-time events, streamlining workflows and improving coordination between security and IT teams.

Alert configuration screen with an alert name field, expandable alert conditions for event types and attributes, and an alert frequency dropdown.
Keeper Admin Console alerts table showing alert types, frequency, occurrence counts, and on/off toggles.

Real-time alerts

Set alerts on any event type and receive notifications via email, SMS or webhook. Common triggers include role policy changes, 2FA disable, device approvals and BreachWatch detections.

External logging

Connect to your SIEM platform using pre-built integrations, syslog or webhooks. Keeper supports Microsoft Sentinel, Splunk, CrowdStrike Falcon Next-Gen SIEM, Datadog, Google Security Operations, Elastic, AWS S3 and more.

Keeper logo in the center with a ring of external logging integrations around it (like S3, Splunk, Sumo Logic, and Google SecOps).
Table listing users with counts for High-Risk, Passed, and Scan Ignored items, shown per user with email addresses.

BreachWatch monitoring

Track BreachWatch® alerts and resolution events to monitor high-risk passwords across the organization. Use this data to enforce better credential hygiene and reduce risk.

Commander CLI and SDK integration

Use Keeper Commander to access and filter SIEM event data, generate custom reports and integrate with your log pipeline or external systems.

Terminal window showing the Keeper Commander CLI with an ASCII Keeper logo, login status messages, and a table of vault search results.

合规审计

Generate detailed activity reports to meet SOX, ISO, SOC 2, HIPAA and other compliance requirements. Keeper makes it easy to demonstrate control and accountability during audits

Integrates with your existing SIEM

Keeper integrates with leading SIEM platforms to deliver real-time event data, streamlined threat detection and centralized visibility.

  • splunk
  • sumo logic
  • AWS
  • IBM
  • Devo
  • logrhythm
  • Azure
  • datadog
  • Logz.io
  • elactic
See All SIEM Integrations

常见问题解答

Is SIEM integration available for all business plans?

No, SIEM integration in Keeper requires the Advanced Reporting & Alerts Module (ARAM) add-on. If you're using KeeperPAM®, ARAM is already included.

What events can Keeper send to my SIEM?

Keeper can log over 200 event types, including logins, password changes, record creation, sharing activity, PAM session launches, device approvals, vault transfers and more.

Can I limit which events are sent to my SIEM?

Yes, you can configure filtering and threshold logic through Keeper's ARAM.

Do SIEM integrations maintain zero-knowledge security?

Yes, all events are metadata only. Vault contents remain encrypted and inaccessible to Keeper or your SIEM provider.

Which platforms does Keeper support?

Keeper supports all major SIEM systems, including Splunk, IBM QRadar, LogRhythm, Sumo Logic, Azure Sentinel and more.

close
企业用户促销
支持
close
立即购买