Integrations and data sources

The Integrations and data sources section explains where security telemetry in Kaseya MDR comes from, how data sources are associated with organizations, and how that activity becomes available for detection, investigation, and response.

Kaseya MDR focuses on endpoint and infrastructure monitoring, bringing together telemetry from deployed agents, supported endpoint security platforms, identity providers, network and log‑based sources, and select MSP tools into a managed detection and response experience. This section focuses on how data enters the MDR platform and becomes usable in context—not on alert logic, investigation outcomes, or SOC response decisions.

This section is designed to answer a foundational question: How does data get into Kaseya MDR, and what determines whether it contributes to detection and investigation?

Interface grouping versus documentation structure

In the Kaseya MDR interface, integrations may appear grouped by vendor or operational role (for example, endpoint tools, cloud services, or MSP systems). These groupings primarily reflect how integrations are connected and managed, not differences in how telemetry is evaluated once ingested.

For documentation purposes, this section is organized by the role a data source plays in detection and investigation, such as:

  • Endpoint and infrastructure telemetry

  • Identity and cloud activity

  • Network and log‑based ingestion

  • MSP and IT operations context

This approach allows you to first understand what a type of telemetry contributes to MDR and how it is used by the platform, and then follow the appropriate connection or integration‑specific guidance as needed.

Licensing context and entry points

Kaseya MDR licensing determines which data sources and capabilities are available for detection, investigation, and response. Supported telemetry is evaluated according to MDR service scope and configuration, not by how or when individual tools are connected.

Some environments may also use additional Kaseya security products, such as SaaS Alerts or Kaseya SIEM. When present, compatible telemetry from those products may be visible alongside MDR activity, but MDR detection and response behavior remains governed by MDR service configuration.

This section focuses on how data sources connect to and support managed detection and response, not on cross‑product licensing relationships or SIEM aggregation behavior.

How this section is organized

The Integrations and data sources section is structured in two layers:

  • Foundational and category‑level articles that explain how different types of telemetry behave in Kaseya MDR and how they contribute to detection and investigation

  • Integration‑specific articles that explain how to connect and authorize individual tools and services

This structure allows you to understand what a type of data does in MDR first, and then move into tool‑specific setup only when necessary.

Documentation availability

As the Kaseya MDR experience is provisioned and integrations become available, corresponding documentation will be introduced to reflect supported capabilities and workflows.

Some integrations may not be documented at initial availability. Integration‑specific articles are added as each capability is enabled, validated, and supported in the platform.

How documentation categories are defined

Documentation in this section is organized by how telemetry enters Kaseya MDR and how it is used, not strictly by UI grouping or vendor ownership.

Each category represents a different role that telemetry plays in MDR:

  • Endpoint and infrastructure sources: Agent‑based and platform‑based telemetry collected from endpoints, servers, and endpoint security solutions. These sources provide process, file, network, and operating system activity that drives MDR detections and investigations.

  • Identity and cloud sources: Telemetry from identity providers and cloud services that contributes authentication, access, and account activity used during investigation and response.

  • Network and log‑based sources: Log‑based telemetry ingested from network and infrastructure devices using supported formats such as syslog. These sources contribute context and detection signals rather than persistent device inventory.

  • MSP and IT operations tools: Tools such as RMM or PSA platforms that provide operational context, workflow integration, or response coordination. These integrations support MDR operations but are not primary detection sources.

What this section helps you understand

Use this section to understand:

  • How integrations and data sources are associated with organizations in Kaseya MDR

  • How different types of telemetry enter the MDR platform

  • How endpoint, identity, network, and log‑based activity contributes to detections and investigations

  • How telemetry from connected tools is evaluated and surfaced within MDR

  • Where to find the appropriate connection workflow or integration‑specific guidance

Integration‑specific setup instructions are intentionally not listed in this section. They are provided in the corresponding integration articles, which are meant to be read after you understand how that type of telemetry behaves in Kaseya MDR.

Where to start

  • Start with Connecting data sources and integrations to understand how integrations are associated with organizations, where connections are initiated, and how connection scope affects MDR visibility.

  • Then use the category articles in this section to understand how each type of telemetry contributes to detection and investigation in Kaseya MDR before proceeding to tool‑specific setup.
