Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Keeper Logs | ✅ | ✅ | keeper_logs | NDJSON | S3 |
Overview
Keeper Security is transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce password-related data breaches and cyberthreats. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, secrets management, connection management, dark web monitoring, digital file storage, secret messaging, and more.
Hunters supports the integration of Keeper into the data lake. The data source is also used in the Hunters pipeline for detection and investigation related to login events, and is mapped to IOC Search.
Supported data types
Keeper Logs
Table name: keeper_logs
Keeper's Advanced Reporting & Alerts Module ("ARAM") is a critical component of the Keeper Security platform which provides Keeper Administrators and Compliance teams tools for monitoring overall usage and adherence to policies.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Keeper logs via an intermediary AWS S3 bucket.
To connect Keeper logs:
1. Export your logs from Keeper to an AWS S3 bucket by following this guide.
2. Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
The expected format is json-array, which is one of Keeper's default output formats.

```json
[
  {"audit_event":"login","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:17.545Z","username":"craig@keeperdemo.io","enterprise_id":67241},
  {"audit_event":"login","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:27.200Z","username":"craig@keeperdemo.io","enterprise_id":67241},
  {"audit_event":"login","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:22.740Z","username":"craig@keeperdemo.io","enterprise_id":67241},
  {"record_uid":"ac3QeHmeGz6Jyb7wnuHnfQ","audit_event":"open_record","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:56.634Z","username":"craig@keeperdemo.io","enterprise_id":67241},
  {"record_uid":"ac3QeHmeGz6Jyb7wnuHnfQ","audit_event":"fast_fill","remote_address":"12.34.56.78","client_version":"iPhone.16.9.3","timestamp":"2023-09-20T21:33:56.634Z","username":"craig@keeperdemo.io","enterprise_id":67241}
]
```
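A check that can be run on an exported file before connecting the bucket, given here as an added example (not Hunters or Keeper code): it confirms the file body is a json-array of event objects and reports events whose fields do not look like the sample above. The required-key list, the timestamp pattern and the function names are assumptions drawn from that sample, not a documented schema.

```python
import ipaddress
import json
from datetime import datetime

# Assumption: keys present in every event of the page's sample, not a documented schema.
REQUIRED_KEYS = ("audit_event", "remote_address", "timestamp", "username", "enterprise_id")


def check_event(event):
    """Return the list of problems found in one event (empty means OK)."""
    if not isinstance(event, dict):
        return ["event is not a JSON object"]
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in event]
    if "timestamp" in event:
        try:  # sample timestamps look like 2023-09-20T21:33:17.545Z
            datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        except (TypeError, ValueError):
            problems.append(f"bad timestamp: {event['timestamp']!r}")
    if "remote_address" in event:
        try:
            ipaddress.ip_address(str(event["remote_address"]))
        except ValueError:
            problems.append(f"bad remote_address: {event['remote_address']!r}")
    return problems


def validate_export(text):
    """Validate one exported file body; return (valid_events, errors)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [], [f"not valid JSON: {exc.msg} at char {exc.pos}"]
    if not isinstance(doc, list):
        return [], ["top level is not a JSON array (json-array expected)"]
    valid, errors = [], []
    for index, event in enumerate(doc):
        problems = check_event(event)
        if problems:
            errors.append(f"event {index}: " + "; ".join(problems))
        else:
            valid.append(event)
    return valid, errors


# Constructed sample: event 0 mirrors the page's sample, event 1 is broken on purpose.
SAMPLE = """[{"audit_event":"login","remote_address":"12.34.56.78","timestamp":"2023-09-20T21:33:17.545Z","username":"craig@keeperdemo.io","enterprise_id":67241},
{"audit_event":"login","remote_address":"not-an-ip","timestamp":"2023-09-20 21:33","username":"craig@keeperdemo.io"}]"""

if __name__ == "__main__":
    print(validate_export(SAMPLE))
```

A file written as one JSON object per line instead of a single array is rejected as invalid JSON, which makes a wrong export format visible before ingestion.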