Audit Alert Commands

Configures audit alerts for security and compliance monitoring within the enterprise. Alerts can be set for suspicious activities or policy violations.

Usage

audit-alert command [--options]

Commands

Command
Description
Alias

list

Display alert list

l

view

View alert configuration

v

history

View alert history

h

delete

Delete audit alert

d

add

Add audit alert

a

edit

Edit audit alert

e

reset-counts

Reset alert counts

recipient

Modify alert recipients

r

Audit Alert list

Display alert list.

DotNet CLI

Command: audit-report list

Example:

My Vault> audit-report list
   #  Created                Username                            Event                      Message                                                                                             
----  ---------------------  ----------------------------------  -------------------------  ----------------------------------------------------------------------------------------------------
   1  13/11/2025 9:22:22 AM  [email protected]                      login                      User <user> logged in to vault (PASS)                                      
   2  13/11/2025 9:22:22 AM  Keeper                              audit_alert_sent           Audit alert "ServiceNow Alerts" was sent to <userx>,https://cert860.servi...
DotNet SDK

Functions: GetAvailableEvents

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert list

Options

  • -h, --help show this help message and exit

  • --reload - Reload alert information

  • --format - Output format: json, table, csv

  • --output - path to resulting output file (ignored for "table" format)

Example:

My Vault> audit-alert list --fromat json
Python SDK

Function: Coming Soon

Audit Alert view

View alert configuration.

DotNet CLI

Command: audit-report --event-type="some event type"

Example:

My Vault> audit-report --event-type="login" --limit=2
  #  Created                Username                         Event  Message                                                       
---  ---------------------  -------------------------------  -----  --------------------------------------------------------------
  1  13/11/2025 9:31:33 AM  user1                             login  User <user1> logged in to vault (PASS)
  2  13/11/2025 9:26:56 AM  user2                             login  User <user2> logged in to vault (PASS)
DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert view

Parameter:

ALERT - Alert ID or Name (required)

Options

  • -h, --help show this help message and exit

Example:

My Vault> audit-alert view <Alert_ID OR Alert_Name>
Python SDK

Function: Coming Soon

Audit-Alert history

View alert history.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert history

Parameter:

ALERT - Alert ID or Name (required)

Options

  • -h, --help show this help message and exit

  • --format - Output format: json, table, csv

  • --output - Output filename

Example:

My Vault> audit-alert history <Alert_ID OR Alert_Name>
Python SDK

Function: Coming Soon

Audit-Alert delete

Delete audit alert.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert delete

Parameter:

ALERT - Alert ID or Name (required)

Options

  • -h, --help show this help message and exit

Example:

My Vault> audit-alert delete <Alert_ID OR Alert_Name>
Python SDK

Function: Coming Soon

Audit-Alert add

Add audit alert.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert add

Options

  • -h, --help show this help message and exit

  • --name - Alert Name (required)

  • --frequency - Alert Frequency. Format: [N:]event|minute|hour|day

  • --audit-event - Audit Event.

  • --user - Username. Can be repeated.

  • --record-uid - Record UID. Can be repeated.

  • --shared-folder-uid - Shared Folder UID. Can be repeated.

  • --active - Enable or disable alert: on or off

Example:

My Vault> audit-alert add --name <name> --frequency <event|minute|hour|day> --audit-event <Event> --record-uid <UID> --user <user> --active on/off
Python SDK

Function: Coming Soon

Audit-Alert edit

Edit audit alert.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert edit

Parameter:

ALERT - Alert ID or Name (required)

Options

  • -h, --help show this help message and exit

  • --name - Alert Name

  • --frequency - Alert Frequency. Format: [N:]event|minute|hour|day

  • --audit-event - Audit Event. Can be repeated.

  • --user - Username. Can be repeated.

  • --record-uid - Record UID. Can be repeated.

  • --shared-folder-uid - Shared Folder UID. Can be repeated.

  • --active - Enable or disable alert: on or off

Example:

My Vault> audit-alert edit <Alert_ID> --name <name> --user <user> --active on/off
Python SDK

Function: Coming Soon

Audit-Alert reset-counts

Reset alert counts.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert reset-count

Parameter:

ALERT - Alert ID or Name (required)

Option:

-h, --help show this help message and exit

Example:

My Vault> audit-alert reset-count <Alert_ID>
Alert counts reset to zero
Python SDK

Function: Coming Soon

Audit-Alert recipient

Modify alert recipients.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Coming Soon

Python CLI

Command: audit-alert recipient <parameter>

Parameter: ALERT Alert ID or Name.

Options: -h, --help show this help message and exit

Recipient actions:

  • enable - Enables recipient

    • RECIPIENT - Recipient ID or Name. Use "*" for "User who generated event"

  • disable - Disables recipient

    • RECIPIENT - Recipient ID or Name. Use "*" for "User who generated event"

  • delete - Deletes recipient

    • RECIPIENT - Recipient ID or Name

  • add - Adds recipient

    • --name - Recipient name

    • --email - Email address

    • --phone - Phone number. Format: +1 (555) 555-1234

    • --webhook - Webhook URL. See https://docs.keeper.io/enterprise-guide/webhooks

    • --http-body - Webhook HTTP Body

    • --cert-errors - Webhook SSL Certificate errors: ignore or enforce

    • --generate-token - Generate new access token

  • edit - Edit recipient

    • RECIPIENT - Recipient ID or Name (required)

    • --name - Recipient name

    • --email - Email address

    • --phone - Phone number. Format: +1 (555) 555-1234

    • --webhook - Webhook URL

    • --http-body - Webhook HTTP Body

    • --cert-errors - Webhook SSL Certificate errors: ignore or enforce

    • --generate-token - Generate new access token

Example:

My Vault> audit-alert recipient 1
 Alert ID  1
            Alert name  eMail - changed or alternative created - LAF Consulting
                Status  Enabled

           Recipients:
Send To Originator (*)  False
          Recipient ID  1
                  Name  user
                Status  Enabled
              Email To  [email protected]

          Recipient ID  2
                  Name  user2
                Status  Enabled
              Email To  [email protected]
Python SDK

Function: Coming Soon

PreviousDevice Approve CommandsNextMiscellaneous Commands

Last updated

Was this helpful?