Skip to main content

HEC - Keeper Security

Jason Phelps
  • Updated

TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: HTTP Event Collector (HEC)
ENVIRONMENT: Keeper Security
SUMMARY: Configuration Guide for Keeper Security. With this guide you can use Huntress to ingest webhooks directly from Keeper Security, bypassing the need to use Splunk or another 3rd party HEC.

Vendor Information

Vendor

Keeper Security

Supported Model Name/Number

N/A

Supported Software Version(s)

N/A

Collection Method

HTTP Event Collector

Provider Name

Keeper

Additional Information

https://docs.keeper.io/en/enterprise-guide/event-reporting

You must be an Account Administrator in Huntress in order to follow the steps below.

 

Configuration Checklist

  1. Create Token in your Huntress portal

    1. Open Huntress Portal

    2. Click SIEM on the left navigation menu
    3. Click Source Management
    4. Click Add Source
    5. Click Keeper
    6. Click Add
    7. Provide a name for the Integration and an optional description.
    8. Click Save
    9. Copy the HTTP Event Collector Token value

You must have the Administrator role in Keeper in order to follow the steps below.

  1. Configure Integration in Keeper
    1. Log into Keeper Admin Console
    2. Click Reporting & Alerts
    3. Click External Logging
    4. Under the Splunk card, click Setup.
    5. In the Host field, copy the values from the Huntress Token you created in the previous step
      1. Host: hec.huntress.io
      2. Port: 443
      3. Token: Token copied from step 9 above.
    6. Click "Test Connection"
    7. If successful, click "Save"

Related articles