# Security Audit Report Command

### Security Audit Report

Generates a password security strength report for enterprise users, with options to filter by nodes, choose output format and destination, include BreachWatch data (if enabled), control score calculation, save or display updated audit results, attempt fixes for invalid security data, and run in non-interactive mode when required.

<details>

<summary>DotNet CLI</summary>

**Command:** `security-audit-report`

**Parameter:**

`--node` - Filter report results by enterprise nodes.

`--show-updated` - Recalculate and show updated security scores locally.

`--save` - Recalculate and save updated security scores to Keeper.

`--force` - Skip confirmation prompts (non-interactive mode).

`--score-type` - Choose scoring method: `default` or `strong_passwords`.

`--breachwatch` - Include Breach Watch metrics in the report (if enabled).

`--attempt-fix` - Reset invalid security data and trigger a fresh recalculation for affected users.

`--format` - Display the report in these formats json, table, csv

`--output` - Store the output in a file.

**Examples:**

```sh
My Vault> security-audit-report --format json --output security_score.json
```

```shellscript
My Vault> security-audit-report --score-type strong_passwords --save --force
```

```shellscript
My Vault> security-audit-report --breachwatch
```

</details>

<details>

<summary>DotNet SDK</summary>

Comming Soon

</details>

<details>

<summary>PowerCommander</summary>

**Command:** `Get-KeeperSecurityAuditReport`

**Parameter:**

`-Node` - Filter report results by enterprise nodes.

`-ShowUpdated` - Recalculate and show updated security scores locally.

`-Save` - Recalculate and save updated security scores to Keeper.

`-Force` - Skip confirmation prompts (non-interactive mode).

`-ScoreType` - Choose scoring method: `default` or `strong_passwords`.

`-BreachWatch` - Include Breach Watch metrics in the report (if enabled).

`-AttemptFix` - Reset invalid security data and trigger a fresh recalculation for affected users.

`-Format` - Display the report in these formats json, table, csv

`-Output` - Store the output in a file.

**Examples:**

```
PS > Get-KeeperBreachWatchReport -Format csv -Output "breachwatch_report.csv"

PS > Get-KeeperSecurityAuditReport -ScoreType strong_passwords -Save -Force  
Security scores pushed to Keeper.

Security Audit Report

Email                             Name                  Sync Pending Weak  Fair Medium Strong Reused Unique Security Score 2FA Node
-----                             ----                  ------------ ----  ---- ------ ------ ------ ------ -------------- --- ----
test@example.com                  test1                                0   222    310   1084    926    690             67 Off Node A
test1+qa@example.com              test1qa                             14  1322   2249   7419      0  11004             67 Off Node A
test1+test@example.com            atest                                0     0      0      0      0      0              0 Off Node A
test1+test1@example.com           btest                                0     1      0      2      0      3             67 Off Node A\Node B


PS > Get-KeeperSecurityAuditReport -BreachWatch                               

Security Audit Report (BreachWatch)

Email                             Name                  Sync Pending At Risk Passed Ignored
-----                             ----                  ------------ ------- ------ -------
test@example.com                  test1                                  170   1446     0
test1+qa@example.com              testqa                                 4      0       0
test1+test@example.com            atest                                  0      0       0
test1+test1@example.com           btest                                  0      3       0
```

</details>

<details>

<summary>Python CLI</summary>

**Command:** `security-audit-report`

**Flag:**

* `--format` format of output {table, csv, json}.
* `--output` output path to resulting output file (ignored for "table" format)
* `--syntax-help` display help
* `-n, --node` node name(s) or UID(s) of node(s) to filter results of the report by
* `-b, --breachwatch` display BreachWatch report. Ignored if BreachWatch is not active.
* `-s, --save` save updated security audit reports
* `-su, --show-updated` show updated data
* `-st, --score-type` define how score is calculated {strong\_passwords, default}.
* `--attempt-fix` do a "hard" sync for vaults with invalid security-data. Associated security scores are reset and will be inaccurate until affected vaults can re-calculate and update their security data.
* `-f, --force` skip confirmation prompts (non-interactive mode)

**Example:**

```
My Vault> security-audit-report --format json --output security_score.json
My Vault> security-audit-report --score-typ
```

</details>

<details>

<summary>Python SDK</summary>

**Function:**

```python
def _get_updated_security_report_row(
        self,
        sr: APIRequest_pb2.SecurityReport,
        last_saved_data: Dict[str, int],
        current_email: str
    ) -> Dict[str, int]:
```

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/keeperpam/commander-sdk/keeper-commander-sdks/sdk-command-reference/reporting-commands/security-audit-report-command.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.