Integrations and data sources

The Integrations and data sources section explains where security telemetry in Kaseya SIEM comes from, how data sources are associated with organizations, and where that activity appears in the UI for investigation.

Kaseya SIEM brings together telemetry from multiple environments, including SaaS applications, endpoint and infrastructure systems, network and log‑based sources, and MSP‑managed tools, into a single investigation experience.

This section focuses on how data enters the platform and where it becomes visible, not on detection logic, response automation, or SOC workflows.

This section is designed to answer a foundational question: How does data get into Kaseya SIEM, and where do I see it?

Interface grouping versus documentation structure

In the Kaseya SIEM interface, integrations are often displayed in vendor‑ or ownership‑based groupings (for example, MSP tools and Customer Apps). These groupings reflect connection scope and ownership, not differences in how activity is investigated once telemetry is ingested.

For documentation purposes, this section is organized by the role a data source plays in visibility—such as SaaS and cloud activity, endpoint and infrastructure telemetry, and network or log‑based ingestion. This approach helps you understand what each type of telemetry looks like in Kaseya SIEM and where it appears, and then follow the appropriate connection workflow when needed.

How this section is organized

The Integrations and data sources section is intentionally structured in two layers:

Foundational and category‑level articles that explain how different types of telemetry behave in Kaseya SIEM and where activity becomes visible
Integration‑specific articles that explain how to connect individual tools and applications

This structure lets you understand each type of data in Kaseya SIEM first, then move to tool‑specific setup when needed.

Licensing context and entry points

SaaS Alerts and Kaseya MDR can be licensed independently and often serve as entry points into the Kaseya SIEM security platform. When Kaseya SIEM licensing is applied, supported telemetry from these products is presented in a single interface for alerting, correlation, and investigation. Licensing affects how capabilities are packaged and billed, not how investigations are performed.

You may arrive at Kaseya SIEM from different starting points, depending on how your environment is licensed, including:

You are licensed for SaaS Alerts only
You are licensed for Kaseya MDR only
You are licensed directly for Kaseya SIEM

These starting points can affect which capabilities and data sources are initially available. When Kaseya SIEM licensing is applied, supported telemetry is surfaced in a centralized experience for monitoring and investigation.

Kaseya SIEM is not only a passive aggregation layer. It provides centralized management for alerting behavior, investigation workflows, and correlation logic across data sources, with available capabilities determined by licensing rather than by product silos.

Documentation availability

As the Kaseya SIEM experience is provisioned and integrations become available, corresponding documentation will be introduced to reflect supported capabilities and workflows.

Not all integrations may be documented at initial availability. Integration‑specific articles are added as each capability is enabled, validated, and supported in the platform.

How documentation categories are defined

Documentation in this section is organized by how telemetry enters Kaseya SIEM and how it appears in investigations, not by UI grouping or product ownership.

Each category represents a different role that telemetry plays in visibility and correlation.

Some integrations (such as MSP and IT operations tools) provide operational context rather than primary telemetry and are grouped separately.

Endpoint and infrastructure sources

Host‑level telemetry generated by endpoints, servers, and endpoint security platforms. These sources contribute process, file, network, and operating system activity that becomes visible through alerts, events, and investigation context once reporting begins.

SaaS and cloud sources

Application‑level telemetry collected from customer‑owned SaaS and cloud services, such as identity providers, productivity platforms, and collaboration tools. These sources are typically connected per organization and surface user, administrative, and configuration activity relevant to investigation and analysis.

Network and log‑based sources

Log‑based infrastructure and security systems that send telemetry using supported formats such as syslog. These sources are reflected through incoming activity, alerts, and correlation context rather than through an application connection status.

MSP and IT operations tools (context and operational integrations)

Platforms used by service providers to support operations and workflow, such as RMM, PSA, or documentation tools. These integrations provide operational context or workflow linkage and are not primary telemetry sources for investigation.

What this section helps you understand

Use this section to understand:

How data sources and integrations (such as SaaS, endpoint, network, and log‑based sources) are associated with organizations
How different types of security telemetry enter Kaseya SIEM and where that activity appears in alerts and investigations
How telemetry from SaaS Alerts and Kaseya MDR is consolidated into a single SIEM experience when licensed

Where to find the appropriate connection workflow or integration‑specific guidance

Integration‑specific setup instructions for individual tools are intentionally not listed in this section. They are provided in their corresponding integration articles, which are accessed from the appropriate category pages after you understand how that type of telemetry behaves in Kaseya SIEM.

Where to start

Start with Connecting data sources and integrations to understand how data sources are associated with organizations, where connections are initiated in the UI, and how connection scope affects visibility.

Then use the category articles in this section to understand how each type of telemetry becomes visible in Kaseya SIEM (SaaS and cloud activity, endpoint and infrastructure telemetry, and network or log‑based ingestion).

Articles in this section

Connecting data sources and integrations: Explains how integrations and applications are associated with organizations and how connection scope determines where telemetry appears.
SaaS and cloud sources: Explains how SaaS and cloud services become data sources in Kaseya SIEM, where their activity appears in the UI, and how SaaS telemetry differs from endpoint or network data.
Endpoint and infrastructure sources: Explains how endpoints and infrastructure systems become active data sources, where those systems appear in the UI, and what types of activity they contribute once ingestion is working.
Network: Explains how log‑based telemetry from network and infrastructure sources enters Kaseya SIEM and how to validate visibility.

Workflow and integration‑specific setup

Setup and authorization steps for specific tools are provided in integration‑specific articles and connection workflow articles and are referenced from the appropriate category pages (for example, SaaS and cloud sources).

Together, these articles explain where Kaseya SIEM data comes from, how it is associated with organizations, and how it appears for investigation.

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.