Integration: Kaseya SIEM and Datto RMM

Overview

This integration connects Datto RMM with Kaseya SIEM so endpoint and operational telemetry from Datto RMM can be ingested, mapped to the correct organizations, and used for investigation and correlation.

This integration establishes a single connection to Datto RMM and relies on organization mapping to determine where telemetry is visible within Kaseya SIEM.

This article covers integration setup and telemetry association only. It does not cover agent deployment, Datto RMM automation or scripting, alert configuration, or response logic. Detection and response behavior depends on SIEM configuration and enabled capabilities.

What this integration does and does not do

This integration:

  • Establishes API-based connectivity between Datto RMM and Kaseya SIEM

  • Associates Datto RMM telemetry with SIEM organizations through mapping

  • Makes device and operational activity available for investigation and correlation

This integration does not:

  • Deploy or manage endpoint agents

  • Configure Datto RMM scripts or automation

  • Replace Datto RMM administrative workflows

  • Control detection logic, alerts, or response actions

Agent deployment (including using Datto RMM) and detection configuration are handled in separate articles.

Prerequisites

Before configuring the integration:

  • Enable API access in Datto RMM

  • Create an API user with Administrator-level permissions

  • Generate API credentials (API URL, API Key, API Secret Key)

  • Ensure Datto RMM organizations are structured per customer where possible

Use case

A managed service provider uses Datto RMM to manage devices across multiple customer environments.

By connecting Datto RMM to Kaseya SIEM and mapping organizations:

  • Device and operational activity from Datto RMM becomes available in SIEM investigations

  • Analysts gain additional context about device state and activity

  • Telemetry is scoped correctly per customer through organization mapping

How the Datto RMM integration works

Datto RMM is connected once at the partner (MSP) level. It is not connected separately for each customer organization.

Instead:

  • A single Datto RMM integration is established

  • Customer onboarding is handled through organization mapping

  • Mapping determines how telemetry is associated and displayed within Kaseya SIEM

  • Mapping does not create additional integrations. It controls how data from the single connection is scoped.

NOTE  Datto RMM telemetry may already exist in your environment through other Kaseya Platform modules such as Kaseya MDR or SaaS Alerts. However, the Datto RMM integration must still be explicitly connected and mapped in Kaseya SIEM to ensure visibility and proper organization-level association.

How to...

Related articles