Kaseya Logs
Overview
Evidence: Kaseya Logs
Description: Collect Kaseya Logs
Category: Applications
Platform: windows
Short Name: kaseyalogs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Kaseya is a remote monitoring and management (RMM) platform widely used by managed service providers (MSPs). It maintains detailed logs of agent activity, remote sessions, and script executions. Kaseya has been targeted in supply chain attacks, most notably the 2021 ransomware incident.
Data Collected
This collector gathers structured data about Kaseya logs.
Collection Method
This collector gathers Kaseya endpoint logs and session data from ProgramData directories, capturing agent activity and session information.
Forensic Value
Kaseya logs are critical for investigating RMM-based attacks and supply chain compromises. They reveal remote sessions, executed scripts, and deployed software, and can identify exploitation of legitimate management tools for malicious purposes, including ransomware deployment.

