Kaseya MDR, Kaseya SIEM, and SaaS Alerts: How the products relate
Kaseya MDR, SaaS Alerts, and Kaseya SIEM are related but distinct security products, each designed to address a different aspect of detection, investigation, and response.
Customers can use any one product on its own or combine multiple products depending on their security needs. This article explains:
-
The role each product plays
-
How the products complement each other
-
When to use one product versus a combination
The goal is to clarify how these products fit together without assuming consolidation, replacement, or forced upgrades.
At a glance: product roles
| Product | Primary focus | Includes SOC | Typical use case |
|---|---|---|---|
| Kaseya MDR | Managed detection and response (MDR) for endpoints and infrastructure | Yes | Actively detecting and responding to threats affecting devices and infrastructure |
| SaaS Alerts | Monitoring and alerting for SaaS application activity | No | Detecting risky or suspicious behavior within SaaS platforms |
| Kaseya SIEM | Unified visibility and investigation across environments | Yes | Correlating security activity across SaaS and infrastructure |
These products are separate and complementary. Using one does not require using the others.
What each product monitors
| Security area | Kaseya MDR | SaaS Alerts | Kaseya SIEM |
|---|---|---|---|
| Endpoints and devices | Yes | No | Yes |
| Infrastructure and network activity | Yes | No | Yes |
| SaaS applications | No | Yes | Yes |
| User activity in SaaS platforms | No | Yes | Yes |
| Cross‑domain correlation | No | No | Yes |
Kaseya MDR
Kaseya MDR is designed for active detection and response in environments where threats affect endpoints, servers, and infrastructure.
It provides:
-
SOC‑led managed detection and response
-
Endpoint, server, and infrastructure monitoring
-
Investigation and containment workflows
-
Automated response actions
Kaseya MDR focuses on acting on infrastructure threats, not SaaS‑only activity.
SaaS Alerts
SaaS Alerts focuses on visibility and alerting within SaaS applications, such as Microsoft 365 and other cloud services.
It provides:
-
Agentless SaaS monitoring
-
Detection of risky or anomalous user behavior
-
SaaS‑specific alerting and automation
SaaS Alerts does not include SOC‑led MDR by default and does not monitor endpoints or infrastructure.
Kaseya SIEM
Kaseya SIEM is designed for customers who want a unified investigation experience across multiple environments.
It correlates security telemetry across endpoints, infrastructure, SaaS applications, and other supported data sources, including activity originating from Kaseya MDR and SaaS Alerts.
It provides:
-
Cross‑domain correlation
-
Centralized investigation
-
Manual and automated response support when integrated with Kaseya MDR or SaaS Alerts
-
Compliance‑oriented investigation and reporting
Kaseya SIEM does not replace Kaseya MDR or SaaS Alerts. It extends them by correlating activity across environments.
Shared telemetry, different management surfaces
Kaseya MDR, SaaS Alerts, and Kaseya SIEM share underlying telemetry and detection data, but they are administered through different product experiences.
If telemetry is already being collected through Kaseya MDR or SaaS Alerts:
-
The same data is reused in Kaseya SIEM for investigation and correlation.
-
No additional integrations are typically required to access existing MDR or SaaS Alerts data in Kaseya SIEM.
-
Existing detection and collection configurations remain in place.
Enabling Kaseya SIEM changes where investigations are performed, not how existing data is collected. Additional data sources can be added to Kaseya SIEM if broader visibility is required.
Kaseya MDR and Kaseya SIEM rely on the same underlying agent and telemetry collection, while SaaS Alerts remains agentless. Differences between products are reflected in how data is analyzed, investigated, and acted upon—not in how core infrastructure telemetry is collected.
Can customers use more than one product?
Yes. Many customers use more than one product to address different security needs.
| Scenario | Recommended product(s) |
|---|---|
| Endpoint and infrastructure protection | Kaseya MDR |
| SaaS application monitoring | SaaS Alerts |
| Unified investigation across environments | Kaseya SIEM |
| Broad coverage across SaaS and infrastructure | Kaseya MDR + SaaS Alerts, or Kaseya SIEM |
Customers can start with one product and expand coverage over time. In some cases, certain integrations—such as Microsoft 365—may need to be reconnected when expanding or migrating between products.
Choosing the right product
-
Choose Kaseya MDR if your priority is SOC‑led detection and response for infrastructure
-
Choose SaaS Alerts if your focus is SaaS application activity and user behavior
-
Choose Kaseya SIEM if you need unified investigation and correlation across environments
Related articles
-
Getting started with Kaseya MDR: Confirm access and complete initial onboarding steps
-
How Kaseya MDR works: The core mental models that explain how the platform behaves
-
Using Kaseya MDR: Focus on how to use Kaseya MDR in day‑to‑day operations
