Audit Alert Commands

Configures audit alerts for security and compliance monitoring within the enterprise. Alerts can be set for suspicious activities or policy violations.

Usage

audit-alert command [--options]

Commands

Command

Description

Alias

list

Display alert list

l

view

View alert configuration

v

history

View alert history

h

delete

Delete audit alert

d

add

Add audit alert

a

edit

Edit audit alert

e

reset-counts

Reset alert counts

recipient

Modify alert recipients

r

Audit Alert list Command

Display alert list.

DotNet CLI

Command: audit-report list

Example:

My Vault> audit-report list
   #  Created                Username                            Event                      Message                                                                                             
----  ---------------------  ----------------------------------  -------------------------  ----------------------------------------------------------------------------------------------------
   1  13/11/2025 9:22:22 AM  user@email.com                      login                      User <user> logged in to vault (PASS)                                      
   2  13/11/2025 9:22:22 AM  Keeper                              audit_alert_sent           Audit alert "ServiceNow Alerts" was sent to <userx>,https://cert860.servi...

DotNet SDK

Functions: GetAvailableEvents

PowerCommander

Command: Get-KeeperAuditAlert -Action list

Alias: audit-alert

Parameters

-Reload - Reload alert information
-Format - Output format: json, table, csv
-Output - path to resulting output file (ignored for "table" format)

Example:

PS > Get-KeeperAuditAlert -Action list

Id Name                 Events                                                                                               Frequency        Occurrences AlertsSent LastSent         Active
-- ----                 ------                                                                                               ---------        ----------- ---------- --------         ------
 1 SalesForce Dev       change_master_password                                                                               Every Occurrence        4069       3536 13-04-2026 15:18   True
                        open_record
                        chat_message_sent
                        chat_message_received
                        +281 more
 2 ConnectHub          change_master_password                                                                                Every Occurrence        2890       2589 10-04-2026 10:21  False
                        open_record
                        chat_message_sent
                        chat_message_received

Python CLI

Command: audit-alert list

Options

-h, --help show this help message and exit
--reload - Reload alert information
--format - Output format: json, table, csv
--output - path to resulting output file (ignored for "table" format)

Example:

My Vault> audit-alert list --fromat json

Python SDK

Function: Coming Soon

Audit Alert view Command

View alert configuration.

DotNet CLI

Command: audit-report --event-type="some event type"

Example:

My Vault> audit-report --event-type="login" --limit=2
  #  Created                Username                         Event  Message                                                       
---  ---------------------  -------------------------------  -----  --------------------------------------------------------------
  1  13/11/2025 9:31:33 AM  user1                             login  User <user1> logged in to vault (PASS)
  2  13/11/2025 9:26:56 AM  user2                             login  User <user2> logged in to vault (PASS)

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action View

Alias: audit-alert

Parameters

-Reload - Reload alert information
-Target - (numeric ID or exact name).
-All - use -All for all alerts
-Format - Output format: json, table, csv
-Output - path to resulting output file (ignored for "table" format)

Example:

PS > Get-KeeperAuditAlert -Action View -Target 13

Name                              Value
----                              -----
Alert ID                             13
Alert name                Renamed Alert
Status                         Disabled
Frequency              Every Occurrence
Occurrences
Sent Counter
Last Sent
Event Types                       login
Send To Originator (*)             True

Python CLI

Command: audit-alert view

Parameter:

ALERT - Alert ID or Name (required)

Options

-h, --help show this help message and exit

Example:

My Vault> audit-alert view <Alert_ID OR Alert_Name>

Python SDK

Function: Coming Soon

Audit-Alert history Command

View alert history.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action history

Alias: audit-alert

Parameters

-Target - (numeric ID or exact name).
-Format - Output format: json, table, csv
-Output - path to resulting output file (ignored for "table" format)

Example:

PS > Get-KeeperAuditAlert -Action history -Target "1"

AlertSentAt      Occurrences
-----------      -----------
13-04-2026 15:43           2
13-04-2026 15:31           2
13-04-2026 15:18           1
13-04-2026 15:18           1
13-04-2026 14:47           1

Python CLI

Command: audit-alert history

Parameter:

ALERT - Alert ID or Name (required)

Options

-h, --help show this help message and exit
--format - Output format: json, table, csv
--output - Output filename

Example:

My Vault> audit-alert history <Alert_ID OR Alert_Name>

Python SDK

Function: Coming Soon

Audit-Alert delete Command

Delete audit alert.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action delete

Alias: audit-alert

Parameters

Flag

Description

-Action

Must be delete.

-Target

Single alert: numeric ID or exact name (case-insensitive). Use this or -All or -From/-To—not all three patterns at once in a conflicting way.

-All

Delete all alerts in the enterprise.

-From

Start of ID range (positive integer). Must be used with -To; both are required for range delete.

-To

End of ID range (positive integer, must be greater than -From). Inclusive.

-Force

Do not prompt; delete immediately.

-Format

Not used for the delete logic itself; after a successful delete the cmdlet may refresh the list (table output).

-Output

Stores output in a file

Example:

PS > Get-KeeperAuditAlert -Action delete -Target "12"

The following 1 alert(s) will be deleted:
------------------------------------------------------------
  ID: 12 | Name: PC Test Alert
------------------------------------------------------------
Are you sure you want to delete 1 alert(s)? (y/n): y

Python CLI

Command: audit-alert delete

Parameter:

ALERT - Alert ID or Name (required)

Options

-h, --help show this help message and exit

Example:

My Vault> audit-alert delete <Alert_ID OR Alert_Name>

Python SDK

Function: Coming Soon

Audit-Alert add Command

Add audit alert.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action add

Alias: audit-alert

Parameters

Flag

Description

-Action

Must be add.

-Name

Required. Display name of the alert; must be unique among alerts.

-Frequency

How often notifications are evaluated: e.g. event (each qualifying event), or N:day / N:hour / N:minute style throttling.

-AuditEvent

One or more audit event type names (e.g. login). Comma-separated in one string and/or pass -AuditEvent multiple times. Names must exist on the server.

-User

Limit to events for specific enterprise users, by email. Comma-separated or repeated.

-RecordUid

Limit to events involving specific record UIDs. Comma-separated or repeated.

-SharedFolderUid

Limit to events involving specific shared folder UIDs. Comma-separated or repeated.

-Active

on or off: whether the alert starts enabled (on) or created in a disabled state (off).

-Format

Output when showing the new alert after create: table, csv, or json.

-Output

File path when -Format is csv or json.

Example:

PS >  Get-KeeperAuditAlert -Action add -Name 'PC Test Alert' -AuditEvent login -Frequency event

Name                              Value
----                              -----
Alert ID                             12
Alert name                PC Test Alert
Status                          Enabled
Frequency              Every Occurrence
Occurrences
Sent Counter
Last Sent
Event Types                       login
Send To Originator (*)            False

Python CLI

Command: audit-alert add

Options

-h, --help show this help message and exit
--name - Alert Name (required)
--frequency - Alert Frequency. Format: [N:]event|minute|hour|day
--audit-event - Audit Event.
--user - Username. Can be repeated.
--record-uid - Record UID. Can be repeated.
--shared-folder-uid - Shared Folder UID. Can be repeated.
--active - Enable or disable alert: on or off

Example:

My Vault> audit-alert add --name <name> --frequency <event|minute|hour|day> --audit-event <Event> --record-uid <UID> --user <user> --active on/off

Python SDK

Function: Coming Soon

Audit-Alert edit Command

Edit audit alert.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action edit

Alias: audit-alert

Parameters

Flag

Description

-Action

Must be edit.

-Target

Required. Alert to change: numeric ID or exact name.

-Name

New name for the alert (optional).

-Frequency

New frequency string (same rules as add).

-AuditEvent

Replace/apply audit event filters (same as add).

-User

User filter by email (same as add).

-RecordUid

Record UID filter (same as add).

-SharedFolderUid

Shared folder UID filter (same as add).

-Active

on or off: turn the alert enabled or disabled at the context level.

-Format

Output format for the follow-up view of the alert.

-Output

File path for csv/json output of that view.

Example:

PS > Get-KeeperAuditAlert -Action edit -Target 13 -Name 'Renamed Alert'   

Name                              Value
----                              -----
Alert ID                             13
Alert name                Renamed Alert
Status                          Enabled
Frequency              Every Occurrence
Occurrences
Sent Counter
Last Sent
Event Types                       login
Send To Originator (*)            False

Python CLI

Command: audit-alert edit

Parameter:

ALERT - Alert ID or Name (required)

Options

-h, --help show this help message and exit
--name - Alert Name
--frequency - Alert Frequency. Format: [N:]event|minute|hour|day
--audit-event - Audit Event. Can be repeated.
--user - Username. Can be repeated.
--record-uid - Record UID. Can be repeated.
--shared-folder-uid - Shared Folder UID. Can be repeated.
--active - Enable or disable alert: on or off

Example:

My Vault> audit-alert edit <Alert_ID> --name <name> --user <user> --active on/off

Python SDK

Function: Coming Soon

Audit-Alert reset-counts Command

Reset alert counts.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action reset-counts

Alias: audit-alert

Parameters

Flag

Description

-Action

Must be ResetCounts.

-Target

Required. Alert: ID or name.

Example:

PS >  Get-KeeperAuditAlert -Action reset-counts -Target 12   
Alert counts reset to zero.

Python CLI

Command: audit-alert reset-count

Parameter:

ALERT - Alert ID or Name (required)

Option:

-h, --help show this help message and exit

Example:

My Vault> audit-alert reset-count <Alert_ID>
Alert counts reset to zero

Python SDK

Function: Coming Soon

Audit-Alert recipient Command

Modify alert recipients.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action recipient

Alias: audit-alert

Parameters

Flag

Description

-Action

Must be recipient.

-Target

Required. Which alert to change: ID or name.

-RecipientAction

Required. add (new recipient row), edit, delete, enable, or disable for a recipient.

-Recipient

For enable, disable, delete, edit: recipient name, numeric id, or * for “user who generated event” on enable/disable. For add, optional until you set channels; other flags build the new row.

-RecipientName

Display name for the recipient.

-Email

Email notification address.

-Phone

SMS number; may use +country prefix for country code parsing.

-Webhook

Webhook URL; empty string can clear webhook on edit.

-HttpBody

Webhook body template; may be @path to read from a file.

-CertErrors

ignore or enforce for TLS verification to the webhook host.

-GenerateToken

Regenerate webhook access token (switch).

-Format

Format for the view shown after the change.

-Output

File path for csv/json of that view.

Example:

PS >  Get-KeeperAuditAlert -Action recipient -Target 13 -RecipientAction enable  -Recipient '*'   

Name                              Value
----                              -----
Alert ID                             13
Alert name                Renamed Alert
Status                          Enabled
Frequency              Every Occurrence
Occurrences
Sent Counter
Last Sent
Event Types                       login
Send To Originator (*)             True

Python CLI

Command: audit-alert recipient <parameter>

Parameter: ALERT Alert ID or Name.

Options: -h, --help show this help message and exit

Recipient actions:

enable - Enables recipient
- RECIPIENT - Recipient ID or Name. Use "*" for "User who generated event"
disable - Disables recipient
- RECIPIENT - Recipient ID or Name. Use "*" for "User who generated event"
delete - Deletes recipient
- RECIPIENT - Recipient ID or Name
add - Adds recipient
- --name - Recipient name
- --email - Email address
- --phone - Phone number. Format: +1 (555) 555-1234
- --webhook - Webhook URL. See https://docs.keeper.io/enterprise-guide/webhooks
- --http-body - Webhook HTTP Body
- --cert-errors - Webhook SSL Certificate errors: ignore or enforce
- --generate-token - Generate new access token
edit - Edit recipient
- RECIPIENT - Recipient ID or Name (required)
- --name - Recipient name
- --email - Email address
- --phone - Phone number. Format: +1 (555) 555-1234
- --webhook - Webhook URL
- --http-body - Webhook HTTP Body
- --cert-errors - Webhook SSL Certificate errors: ignore or enforce
- --generate-token - Generate new access token

Example:

My Vault> audit-alert recipient 1
 Alert ID  1
            Alert name  eMail - changed or alternative created - LAF Consulting
                Status  Enabled

           Recipients:
Send To Originator (*)  False
          Recipient ID  1
                  Name  user
                Status  Enabled
              Email To  user@company.com

          Recipient ID  2
                  Name  user2
                Status  Enabled
              Email To  user2@company.com

Python SDK

Function: Coming Soon

Audit-Alert enable and disable Command

Turns the whole alert on / off.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

PowerCommander

Command: Get-KeeperAuditAlert -Action enable

Alias: audit-alert

Parameter:

Flag

Description

-Action

Must be disable/enable.

-Target

One alert: ID or name. Do not use with -All.

-All

Disable every alert. Do not use with -Target.

Example:

PS > Get-KeeperAuditAlert -Action disable  -Target 13
Alert "Renamed Alert" has been disabled.

Name                              Value
----                              -----
Alert ID                             13
Alert name                Renamed Alert
Status                         Disabled
Frequency              Every Occurrence
Occurrences
Sent Counter
Last Sent
Event Types                       login
Send To Originator (*)             True

Python CLI

Command: Coming Soon

Python SDK

Function: Coming Soon

PreviousDevice Approve Commands NextMiscellaneous Commands

Last updated 1 month ago