Keeper Security Logs

Keeper Security provides password management and secure file storage solutions for individuals and enterprises. Keeper Security logs capture details of user activity such as logins, password changes, vault access, shared item interactions, and administrative actions. These logs are essential for auditing access to sensitive information, monitoring security events, and ensuring compliance with data protection policies.

Ingest Method

This source uses an HTTP webhook to ingest events. Create the source in RunReveal and a new webhook URL will be generated. Use this URL when setting up your source.

Setup

The Keeper Security log source receives Keeper Security logs by webhook. However, RunReveal has not been officially added to Keeper Security's SIEM connections. When setting up a Keeper source in RunReveal, you'll add a "Sumo Logic" source in Keeper and provide the RunReveal webhook URL. You don't need a Sumo Logic instance of your own.

Once you create a Keeper Security log source, you'll be given a webhook URL, like other RunReveal webhook sources. Make note of this webhook URL.

In the Keeper Security admin console, navigate to "External Logging" under "Reporting and Alerts". You should see a list of the SIEM integrations that Keeper natively supports.

Select Sumo Logic and you'll be prompted for a Sumo Logic URL. Enter your RunReveal webhook URL and press "Test Connection". When the connection test succeeds, the only visual indication is that the "Save" button becomes clickable. Click Save.

It may take several minutes, but your Keeper logs should begin flowing to RunReveal without issue.