Comment on page

Report Types

Learn about reporting with Commander

About
Commander provides the ability to run a variety of reports using event data and compliance data.
Common Reports
A few examples of the types of reports that Commander can run include the following:
Find users that have not logged in for X days
See the last time each user last logged in
Find users that have not created or updated any records in X days
See all record UIDs that have been accessed by a user
Determine which shared folders that a team has access to
Determine which record passwords have NOT been changed in X days
Saving Reports to a File
All reports in Commander can be saved to a file.  To do this, add the following options to any report command:
--format This option tells Commander what form to return the report in. The options are json, csv, and table (which is the default view)
--output This option tells Commander the name of the file to save the report output to.  If the given file does not exist, it will be created.
Examples
Save a report as a CSV for use with Microsoft Excel or Google Sheets.
shared-folder-report --format csv --output "shared_folder_report_results.csv"
Save a report as a json file for use with scripts
user-report --format json --output "user_report.json"
Where are files saved?
When Commander creates a file it can be saved in one of a few places depending on how Commander is being run and what options were used.
Default Commander File Locations
If you are using the application version of Commander, files are saved to your user directory be default.  That is C:\users\username for Windows and /Users/username for MacOS.
If you are using Commander from the command line/terminal then files will be saved in the current directory by default.
Setting Specific Locations
When creating a file with Commander, if you provide a path before the filename, Commander will add the file in the specified location.  Paths can be relative or specific.
e.g. [...] --output "/reports/report.csv" will put the file in a folder called "reports" relative to the default location (so /Users/username/reports/ on Application version and current directory/reports/ if using the command line)
[...] --output "C:\reports\report.csv" will place the file in a folder named "reports" in the C directory (if on Windows)
​
Report Types
Learn more about the reports that Commander can run.  Click an option from this list to see the  command documentation.
Command
Explanation
​action-report​
Show users that haven't performed a specific action in a given number of days
​aging-report​
Display a report of password changes and search for records that have NOT been changed
​audit-log​
Export the enterprise audit and event logs
​audit-report​
Show a customized report of audit events  
​compliance-report​
See information about records in vaults of users across the enterprise
​msp-license-report​
Display information on managed company plans and available licenses
​security-audit-report​
Show report of password security strength for each user in the enterprise
​shared-records-report​
Display information about shared records
​share-report​
Show a report of shared records in the logged-in Keeper vault
​user-report​
Show a report of user logins
Common Reports in Detail
Find Users that have not Logged in
Requires the ARAM add-on
action-report --target no-logon
By default this looks back 30 days (results are all users that have not logged in in 30 days).  The number of days to look back for can be changed with the flag: --days X where "X" is the number of days to use.
Example
My Vault> action-report --target no-logon
​
Admin Action Taken:
        COMMAND: None
        STATUS: n/a
        SERVER MESSAGE: n/a
        AFFECTED: 0
​
3 Users With "no-logon" Status Older Than 30 Day(s):
​
username
-----------------------------------------
[email protected]
[email protected]
[email protected]
See the last time each user logged in
user-report --last-login
To include more details, such as the user's team(s) and Node run user-report without --last-login
Example
My Vault> user-report --last-login
Querying latest login for the last 365 days
Email                                      Name                                       Status    Transfer Status    Last Login
-----------------------------------------  -----------------------------------------  --------  -----------------  -------------------------
[email protected]                 John Smith                                 Active                       2022-08-22 12:33:03-05:00
[email protected]                Chris Apple                                Invited
[email protected]                 Samantha Strong                            Active                       2022-08-09 13:03:31-05:00
[email protected]                   Jane Doe                                   Active                       2022-10-10 09:07:34-05:00
[email protected]                Communication Admin                        Active
Find users that have not created or updated any records
Requires the ARAM add-on
action-report --target no-update
By default this looks back 30 days (results are all users that have not created or updated records in 30 days).  The number of days to look back for can be changed with the flag: --days X where "X" is the number of days to use.
Example
My Vault> action-report --target no-update
​
Admin Action Taken:
        COMMAND: None
        STATUS: n/a
        SERVER MESSAGE: n/a
        AFFECTED: 0
​
3 Users With "no-update" Status Older Than 30 Day(s):
​
username
-----------------------------------------
[email protected]
[email protected]
[email protected]
See all records accessed by a user
Requires ARAM add-on and Compliance Reports add-on
compliance record-access-report <USERNAME>
Replace <USERNAME> with the username or email address of the user to see access history of.
Example
My Vault> compliance record-access-report [email protected]
Loading record information.....
Record UID              Record Title                       Record URL                         Record Owner                IP Address       Device             Last Access
----------------------  ---------------------------------  ---------------------------------  -------------------------   ---------------  -----------------  -------------------
x4AOxLwR5tSA7u5R9Bwplw  wifi details                                                          [email protected]  11.00.001.001    Web App 16.7.3     2022-10-13 12:38:33
xrnnK1HWSLMVh_irjIGAJw  SAP Connect                                                           [email protected]  11.00.001.001    Commander 16.7.0   2022-10-13 12:12:46
xB36NT_lPxestkuCCg_35w                                                                                                    11.00.001.001    Web App 16.8.0     2022-10-07 09:39:10
U7YOaZv4pmLXGfTHPXuvaA                                                                                                    11.00.001.001    Commander 16.7.0   2022-10-05 15:09:43
a9TshEIoSluKXAccdJhHIQ  Dropbox                            dropbox.com/login                  [email protected]  11.00.001.001    Commander 16.7.0   2022-10-05 15:09:31
6wSYfG9UeHTzDDSIGeuiyg  Twitter                            https://www.twitter.com            [email protected]  11.00.001.001    Commander 16.7.0   2022-10-05 15:09:25
o6BJUKCGLa7mmMApzPjw4A  KCM Connect SSH                    127.0.0.1                          [email protected]  11.00.001.001    Commander 16.7.0   2022-10-05 15:09:14
See What Shared Folders Teams Have Access To
Requires Compliance Reports add-on
compliance team-report
Example
My Vault> compliance team-report
Loading compliance data....:...:...:...:...:...:...:...:...:...:...:...:...:
​
Team Name    Shared Folder Name     Shared Folder UID       Permissions
-----------  --------------------   ----------------------  -------------
Comms-Team   Comms Team Logins      8-2gk4cde5hWN5q7ENwpCA  read-only
Engineering  Deployment Credentials 3kf9kd4e5hWdN5q7Ed9fS0  can-edit
Management   Finances Logins        dO9S0cMQ_kPYAsUYILVlSA  can-share
Determine which record passwords have NOT been changed
Requires Compliance Reports add-on
aging-report
Example
My Vault> aging-report --format=table --period=1y
​
Owner            Record Title  Last Password Change    Shared    Record URL
---------------  ------------  ----------------------  --------  ----------
[email protected]  Hilton      2020-05-14 12:41:48     False     https://...
[email protected]  AlienVault  2020-02-04 12:30:35     True      https://...             
[email protected]  TripAdvisor 2020-07-08 15:22:55     False     https://...             
[email protected]  Amazon      ---                     False     https://...                
[email protected]  Kayak       2021-05-25 09:13:56     False     https://...             
[email protected]  Amazon      ---                     False     https://...

Command	Explanation
`action-report`	Show users that haven't performed a specific action in a given number of days
`aging-report`	Display a report of password changes and search for records that have NOT been changed
`audit-log`	Export the enterprise audit and event logs
`audit-report`	Show a customized report of audit events
`compliance-report`	See information about records in vaults of users across the enterprise
`msp-license-report`	Display information on managed company plans and available licenses
`security-audit-report`	Show report of password security strength for each user in the enterprise
`shared-records-report`	Display information about shared records
`share-report`	Show a report of shared records in the logged-in Keeper vault
`user-report`	Show a report of user logins

Reporting Commands

Enterprise Management Commands

Last modified 6mo ago