Quick Links

Integrating with Keeper Security

Overview

You can use HTTP Ingest to integrate Blumira with Keeper Security and bypass the need for an on-premises Ubuntu sensor or traditional API-polling Cloud Connector. This method uses Blumira’s Cloud Ingest API, which provides a unique HTTPS endpoint where your organization can transfer structured logs.

Most Blumira editions have no limit to the number of HTTP integrations you can add. However, the following restrictions apply:

  • Detect Lite, Respond Core, and SIEM Core editions have a limit of one ingestion source
  • M365 Edition accounts do not include access to any HTTP logging

Before you begin

Before configuring any log source for outbound HTTP log streaming, you must generate your unique ingestion credentials by doing the following:

  1. In the Blumira app, navigate to Ingestion > HTTP Ingestion.
  2. Click Add Ingestion Instance.
  3. In the window that appears, do the following:
    1. In Vendor, select the vendor you would like to integrate with.
    2. (Optional) In Ingestion Instance Name, edit the pre-populated name.
    3. (Optional) In Description, type a description that provides context for this instance being created.
    4. Click Save.
  4. In the Credentials window, do at least one of the following:
    • Copy and save each credential to use later when configuring your vendor integration.
    • Keep the Credentials window open to copy and paste the values directly from Blumira into the vendor's site in a different browser tab. 

      Important: You must copy the token before you close the window. You will not be able to see the token again after you close the Credentials window.

Configuring Keeper Security

To integrate with Keeper Security and start receiving logs, do the following:

  1. In Keeper Security, navigate to Reporting & Alerts > External Logging.
  2. On the Splunk tile, click Setup.
  3. In the Host box, paste the Host value you copied from the Credentials for Keeper Security window in Blumira.
  4. In the Port box, type 443.
  5. In the Token box, paste the Token value you copied from the Credentials for Keeper Security window in Blumira.
  6. Click Save.

Keeper Security Sync Settings.png


For information about managing this HTTP integration and its tokens, see Using Blumira HTTP Ingestion.