How Kaseya SIEM fits with Kaseya MDR and SaaS Alerts
Kaseya SIEM, Kaseya MDR, and SaaS Alerts are related but distinct security products. Each supports detection, investigation, and response in different ways, based on the type of data it monitors and how investigations are performed.
You can use any of these products independently or combine them depending on your security needs. This article explains how their roles differ and how they complement each other when used together.
At a glance: product roles
| Product | Primary focus | Typical use |
|---|---|---|
| Kaseya MDR | Managed detection and response for endpoints and infrastructure | Actively detecting and responding to threats affecting devices and infrastructure with SOC support |
| SaaS Alerts | Monitoring and alerting for SaaS application activity | Detecting risky or suspicious behavior within SaaS platforms |
| Kaseya SIEM | Unified visibility and investigation across SaaS and infrastructure | Correlating activity across environments to support broader investigation and analysis |
These products are separate and complementary. Using one does not require using the others, and organizations can adopt them independently or together depending on their needs.
What each product monitors
The table below shows typical telemetry coverage when products are used together.
Kaseya SIEM can ingest data from supported sources independently and does not require Kaseya MDR or SaaS Alerts to be present.
| Security area | Kaseya MDR | SaaS Alerts | Kaseya SIEM |
|---|---|---|---|
| Endpoints and devices | Yes | No | Yes |
| Infrastructure and network activity | Yes | No | Yes |
| SaaS applications | No | Yes | Yes |
| User activity in SaaS platforms | No | Yes | Yes |
| Cross‑domain correlation | No | No | Yes |
When multiple products evaluate the same underlying telemetry, similar alerts may appear in more than one product. Each product manages alerting and response independently. Kaseya SIEM does not deduplicate, suppress, or override alerts generated by Kaseya MDR or SaaS Alerts.
Kaseya MDR
Kaseya MDR focuses on managed detection and response for endpoints and infrastructure. It provides SOC‑led investigation and response workflows for infrastructure threats.
It provides:
- SOC‑led managed detection and response
- Endpoint, server, and infrastructure monitoring
- Investigation and containment workflows
- Automated response actions (based on configuration)
SaaS Alerts
SaaS Alerts focuses on visibility and alerting within SaaS applications.
It provides:
- Agentless SaaS monitoring
- Detection of risky or anomalous user behavior
- SaaS‑specific alerting and automation
SaaS Alerts is designed for monitoring user activity and configuration changes within SaaS platforms such as Microsoft 365 and other cloud services.
Kaseya SIEM
Kaseya SIEM is designed for unified visibility and investigation across multiple environments. It can ingest telemetry from supported data sources and supports cross‑domain investigation and centralized analysis across SaaS and infrastructure.
Kaseya SIEM supports:
- Cross‑domain investigation and correlation
- Centralized investigation across environments
- Manual investigation and automation
- Investigation and reporting that can support audit and compliance workflows
Using Kaseya SIEM with or without other products
Although Kaseya SIEM, Kaseya MDR, and SaaS Alerts share a common interface, each product has its own scope, onboarding requirements, and configuration considerations based on the data sources and services in use. Sharing an interface does not mean the products share the same setup or operational model.
Kaseya SIEM does not require Kaseya MDR or SaaS Alerts to function. You can use Kaseya SIEM on its own to ingest and analyze telemetry from supported data sources. When used alongside Kaseya MDR or SaaS Alerts, additional signals from those products are available in Kaseya SIEM to support broader context and correlation, depending on configuration and connected data sources.
When Kaseya SIEM is added to an existing environment, enabling it changes where investigations happen, not how existing data is collected.
If telemetry is already being collected through Kaseya MDR or SaaS Alerts, depending on the data source and existing configuration:
- The same underlying data can be reused in Kaseya SIEM
- Additional API connections may not be required for some data sources
- Existing configurations and prior investigation context remain available
For certain cloud integrations, such as Microsoft, reconnection may still be required to enable expanded telemetry and full visibility.
Migration considerations
Migration behavior depends on the environment, enabled products, and integration configuration. In some cases, existing configurations, such as API credentials or organization mappings, may be retained.
Some integrations may require reconnection to take advantage of expanded telemetry available through Kaseya SIEM.
Choosing the right product
The right product depends on your security priorities:
- Choose Kaseya MDR if your primary concern is endpoint and infrastructure security and you want SOC‑led detection and response
- Choose SaaS Alerts if your focus is SaaS application security and user behavior without SOC involvement
- Choose Kaseya SIEM when broader investigation and visibility across multiple environments are required
You are not limited to a single approach and can evolve your security stack over time.
Related articles
- Getting started with Kaseya SIEM: Overview: Review initial access and setup guidance if you are ready to begin using the platform
- How Kaseya MDR works: Build the conceptual foundation before diving into daily workflows
- Using Kaseya SIEM: Learn how to investigate and correlate security activity within the SIEM experience