Kaseya Logs

Evidence: Kaseya Logs
Description: Collect Kaseya Logs
Category: Applications
Platform: windows
Short Name: kaseyalogs
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Kaseya is a remote monitoring and management (RMM) platform widely used by MSPs. It maintains detailed logs of agent activity, remote sessions, and script executions. Kaseya has been targeted in supply chain attacks, most notably the 2021 ransomware incident.

This collector gathers structured data about Kaseya logs.

It collects Kaseya endpoint logs and session data from ProgramData directories, covering agent activity and session information.

Kaseya logs are critical for investigating RMM-based attacks and supply chain compromises. They reveal remote sessions, executed scripts, deployed software, and can identify exploitation of legitimate management tools for malicious purposes including ransomware deployment.