Evidence: Kaseya Logs
Description: Collect Kaseya Logs
Category: Applications
Platform: windows
Short Name: kaseyalogs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Kaseya is a remote monitoring and management (RMM) platform widely used by managed service providers (MSPs). It maintains detailed logs of agent activity, remote sessions, and script executions. Kaseya has been targeted in supply chain attacks, most notably the 2021 ransomware incident.
Data Collected
This collector gathers structured data about Kaseya logs.
Collection Method
This collector gathers Kaseya endpoint logs and session data from ProgramData directories, covering agent activity and session information.
Forensic Value
Kaseya logs are critical for investigating RMM-based attacks and supply chain compromises. They reveal remote sessions, executed scripts, and deployed software, and can identify the exploitation of legitimate management tools for malicious purposes, including ransomware deployment.