Integration: Kaseya SIEM and INKY

Overview

The INKY integration allows SaaS Alerts to ingest INKY email security events as they are generated.

Once configured, events generated by INKY are ingested into SaaS Alerts and become part of your monitored activity. These events can include analysis results, user-reported activity, outbound analysis, and workflow-related actions. This provides visibility into INKY activity alongside other monitored applications in SaaS Alerts.

This integration requires INKY Pro and is currently available as a limited release (beta). It must be enabled for your SaaS Alerts instance.

If the INKY option does not appear when adding a new application, contact your account team for access.

Event coverage and behavior may evolve as additional data and use cases are validated.

Prerequisites

Before configuring the integration, ensure the following:

  • An active SaaS Alerts partner instance

  • Administrative access in SaaS Alerts

  • An INKY instance with API access enabled

  • Access to generate an API key in INKY

Use case

Use this integration to monitor INKY email security events within SaaS Alerts and investigate them using standard alerting and event workflows.

How the integration works

The INKY integration in SaaS Alerts is configured by adding INKY as an application and providing an API key generated in INKY.

During setup:

  • You select the INKY environment (for example, US or EU)

  • You provide an API key generated in INKY.

SaaS Alerts uses this information to establish the connection and begin ingesting events

After the connection is established:

  • Events generated by INKY are ingested into SaaS Alerts

  • Events are mapped into SaaS Alerts and included in monitored activity

This process does not require polling or manual data export. Once configured, ingestion occurs automatically.

How to...

Event behavior and coverage

The INKY integration sends email security-related events into SaaS Alerts. A set of event mappings is configured as part of this integration, including:

  • Events mapped to specific conditions

  • A general catch‑all event for additional data

Because this integration is in beta:

  • Event coverage may expand over time

  • Additional patterns and mappings may be introduced

  • Some events may initially appear under broader categories

Where events appear in SaaS Alerts

After the integration is active:

  • INKY events are visible alongside other SaaS Alerts event data

  • Events can be reviewed through the standard alerting and event workflows

  • Filtering, investigation, and response behavior follow standard SaaS Alerts patterns

Event visibility depends on:

  • Successful connection to INKY

  • Activity occurring in the INKY environment

  • Normal ingestion and processing timing

Validation after setup

After configuring the integration, verify that it is working as expected:

  • Confirm that the INKY application appears under the organization

  • Confirm that the connection is active (no errors in configuration)

  • Review recent events to confirm that INKY activity is visible

If events are not visible immediately, allow time for:

  • Event generation in INKY

  • Ingestion and processing in SaaS Alerts

Lack of immediate data does not necessarily indicate a configuration issue.

Troubleshooting

INKY does not appear in the application list

  • Confirm that the INKY integration is enabled for your SaaS Alerts instance

  • This integration may be restricted to beta access

Unable to connect after entering API key

  • Verify that the API key was copied correctly from INKY

  • Confirm that the correct INKY region (US/EU) is selected

  • Regenerate the API key in INKY and try again

No events appear in SaaS Alerts

  • Confirm that INKY is generating events in your environment

  • Confirm that the integration is active and correctly configured

  • Allow time for ingestion and processing

Important considerations

  • This integration is configured at the organization level in SaaS Alerts

  • If configured at the organization level, the integration may apply to child teams depending on permissions and configuration

  • Event ingestion depends on data generated in INKY; it does not create events on its own

  • Event mappings are evolving during beta

  • The integration does not change or affect INKY configuration or behavior

Avoid configuring duplicate INKY integrations

If an INKY integration already exists, SaaS Alerts displays a warning indicating that a connection is already in place.

The INKY integration is intended to be configured at the SaaS Alerts partner organization level. Adding the same INKY instance to multiple organizations can result in duplicate events and alerts.