Risk Management Report Command
Risk Management Command
This command/function helps to Generate risk management reports from Keeper's Risk Management Dashboard (RMD) APIs.
PowerCommander
Command: Get-KeeperRiskManagementReport
Alias: risk-report
Parameters
-Action
enterprise-stat
The report action to perform. See Actions below.
-AuditEventType
—
Audit event type name (e.g. "bw_record_high_risk") or numeric ID. Required for security-alerts-detail. Use security-alerts-summary to discover available event types.
-BenchmarkFields
—
Benchmark fields to set, specified as NAME:STATUS pairs. Required for security-benchmarks-set.
-Format
table
Output format: table, json, or csv.
-Output
—
File path to write the report output to. When omitted, output is displayed in the console.
-SyntaxHelp
—
Display detailed syntax help text with all available options and examples.
Actions
enterprise-stat
Enterprise-wide summary showing the number of users who recently logged in and the number of users with records. This is the default action.
enterprise-stat-details
Per-user breakdown showing each user's last login timestamp and whether they have records in their vault.
security-alerts-summary
Summary of security alert events over the current and previous 30-day periods, including event occurrence counts, unique user counts, and trend indicators.
security-alerts-detail
Detailed per-user breakdown for a specific audit event type. Requires the -AuditEventType parameter. Shows each user's current and previous occurrence counts and the last occurrence timestamp.
security-benchmarks-get
Retrieves the current status of all enterprise security benchmarks, including their status (RESOLVED, IGNORED, or UNRESOLVED), last updated timestamp, and auto-resolve setting.
security-benchmarks-set
Updates the status of one or more security benchmarks. Requires the -BenchmarkFields parameter with NAME:STATUS pairs.
Security Benchmark Names
The following benchmark names are valid for security-benchmarks-get and security-benchmarks-set:
SB_DEPLOY_ACROSS_ENTIRE_ORGANIZATION
Deploy Keeper across the entire organization
SB_ENFORCE_STRONG_MASTER_PASSWORD
Enforce strong master password policy
SB_PREVENT_INSTALLATION_OF_UNTRUSTED_EXTENSIONS
Prevent installation of untrusted browser extensions
SB_ENSURE_TWO_FACTOR_AUTHENTICATION_FOR_END_USERS
Ensure two-factor authentication for end users
SB_ENABLE_ACCOUNT_TRANSFER_POLICY
Enable account transfer policy
SB_CONFIGURE_IP_ALLOWLISTING
Configure IP allowlisting
SB_REDUCE_ADMINISTRATOR_PRIVILEGE
Reduce administrator privilege
SB_CREATE_ALERTS
Create security alerts
SB_ENSURE_OUTSIDE_SSO_ADMINISTRATOR_EXISTS
Ensure an outside-SSO administrator exists
SB_DISABLE_BROWSER_PASSWORD_MANAGERS
Disable browser password managers
SB_LOCK_DOWN_SSO_PROVIDER
Lock down SSO provider
SB_DISABLE_ACCOUNT_RECOVERY
Disable account recovery
SB_CREATE_AT_LEAST_TWO_KEEPER_ADMINISTRATORS
Create at least two Keeper administrators
SB_ENFORCE_LEAST_PRIVILEGE_POLICY
Enforce least privilege policy
SB_ENSURE_TWO_FACTOR_AUTHENTICATION_ADMIN_USERS
Ensure two-factor authentication for admin users
Valid benchmark statuses: RESOLVED, IGNORED, UNRESOLVED
Examples:
PS > Get-KeeperRiskManagementReport
Users Enterprise Stat
Metric Value
------ -----
Logged In (Recent) 11
Has Records 15
PS > Get-KeeperRiskManagementReport -Action enterprise-stat-details
Enterprise Stat Details
Username LastLoggedIn HasRecords
-------- ------------ ----------
test1@example.com 2026-03-27 16:50:49 True
test2@example.com 2026-04-17 10:16:56 True
test3@example.com 2026-04-16 15:58:02 True
Last updated
Was this helpful?