HEC - Keeper Security – Huntress Product Support

TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: HTTP Event Collector (HEC)
ENVIRONMENT: Keeper Security
SUMMARY: Configuration Guide for Keeper Security

Vendor Information
Configuration Checklist

Vendor Information

Vendor	Keeper Security
Supported Model Name/Number	N/A
Supported Software Version(s)	N/A
Collection Method	HTTP Event Collector
Provider Name	Keeper
Additional Information	https://docs.keeper.io/en/enterprise-guide/event-reporting

You must be an Account Administrator in Huntress in order to follow the steps below.

Configuration Checklist

Create Token
1. Open Huntress Portal
2. Click SIEM on the left navigation menu
3. Click Source Management
4. Click Add Source
5. Click Keeper
6. Click Add
7. Provide a name for the Integration and an optional description.
8. Click Save
9. Copy the HTTP Event Collector Token value

You must have the Administrator role in Keeper in order to follow the steps below.

Configure Integration in Keeper
1. Log into Keeper Admin Console
2. Click Reporting & Alerts
3. Click External Logging
4. Under the Splunk card, click Setup.
5. In the Host field, copy the values from the Huntress Token you created in the previous step
  1. Host: hec.huntress.io
  2. Port: 443
  3. Token: Token copied from step 9 above.
6. Click "Test Connection"
7. If successful, click "Save"

Vendor Information

Configuration Checklist

Related articles