Using Kaseya SIEM

The Using Kaseya SIEM section explains how to work with the platform during day‑to‑day security operations, starting from alerts and moving through investigation‑driven decisions. Instead of monitoring raw events or building ad‑hoc queries, you work in Kaseya SIEM from alerts into a single Analysis experience that correlates activity across SaaS applications, endpoints, network, and infrastructure.

The articles in this section focus on reviewing alerts, investigating activity with context, managing noise intentionally, and deciding when escalation or automation is appropriate. They reflect how Kaseya SIEM is designed to be used in practice: investigation comes before response, and automation is introduced only after patterns are understood.

Use this section to understand:

  • How alerts surface activity that may require attention

  • How to review alerts and decide whether deeper investigation is needed

  • How to investigate correlated activity using the Analysis page

  • How to manage repeated or low‑value alerts without losing visibility

  • How to introduce Respond rules after investigation confirms meaningful patterns

This section does not explain how to access the platform, configure authentication, manage users, or define detection logic. Those topics are covered in Getting started with Kaseya SIEM, Administration and configuration, and Detection, IOCs, and Respond rules.

Articles in this section

This section includes the following articles:

  • Exploring the dashboard: Explains how to use the dashboard for situational awareness, understand alert trends, and decide where to focus investigation or response next. The dashboard is used for orientation, not for investigation or response actions.

  • Working with alerts: Describes how to review alerts, understand severity and context, and decide whether deeper investigation is required before taking action.

  • Investigating activity using the Analysis page: Explains how to investigate alerts and related activity in a single, correlated view to understand scope, sequence, and impact before responding.

  • Managing noise and signal: Explains how to reduce alert noise safely after investigation, including when to tune, suppress, or leave alerts unchanged.

  • Managing repeated alerts: Walks through investigation‑first decision‑making for alerts that fire repeatedly due to expected behavior and explains when suppression is appropriate.

  • Quiet mode overview: Explains how quiet mode affects default alert severity behavior and what alerts look like before tuning or suppression is applied.

  • Alert suppression: Explains how suppression rules work in Kaseya SIEM and how to configure them to reduce alert noise without stopping event collection.

  • Suppressing alerts from Events (investigation‑based suppression): Explains how to suppress repeated alerts directly from investigation context after validation, while preserving visibility.

  • Managing alert severity and detection tuning: Explains how to adjust severity and detection logic to improve signal quality when alerts are consistently low value across your environment.

  • Creating high‑confidence alerts with Respond rules: Explains how to use Respond rules to surface meaningful patterns after investigation confirms that individual alerts are insufficient.

  • Analyzing a Respond trigger: Explains how to review Respond rule triggers in context to confirm why a rule fired and whether it is behaving as intended.

These articles are intentionally ordered by workflow, but they are not meant to be read start to finish. You typically move between them as investigation progresses and decisions evolve.

How to use this section

Refer to Using Kaseya SIEM:

  • During daily security monitoring and alert review

  • When investigating activity and validating context before response

  • When deciding how to reduce noise without reducing coverage

  • When introducing or evaluating Respond rules after investigation