Feature: Advanced Reporting & Alerts Module (ARAM)

Gain real-time visibility with advanced reporting and alerts

Keeper's ARAM provides comprehensive audit trails, SIEM integration and event-based alerting to help you maintain compliance, monitor risk and stop threats before they escalate.

Start Free Trial Buy Now

Keeper admin dashboard showing a 30-day timeline chart of reporting events and a table of event counts by type.

Stay ahead with smarter reporting and alerts

Filter panel with dropdowns for users, event types, attributes, display options, and last 30 days, plus Reset and Apply buttons.

Trigger event-based alerts

Get real-time alerts on over 300 event types, including human and NHI usage, administrative policy changes, record sharing, BreachWatch dark web detections, privilege elevation requests, PAM sessions, credential access and more. The interactive event timeline shows the most recent activities to help your team respond faster.

Use custom and pre-built reports

Design tailored reports with flexible filtering, custom columns and dynamic sorting. Unlimited event history and report storage are included, giving you long-term visibility without limits.

Alerts settings page with tabs for Reporting, Alerts, and External Logging, showing alert frequency, occurrences, and toggle switches.

Terminal window showing Keeper Commander with breach-related search results for MySQL credentials and affected records.

Automate reporting with CLI and Commander

Use Keeper Commander to generate, schedule and export event reports via the command line or automation scripts. This gives security and DevOps teams a fast, repeatable way to integrate Keeper data into existing workflows and toolchains.

Customize real-time alerts for specific security risks

Send alerts via email, SMS or Webhook notification to your ITSM platform to ensure the right teams are notified instantly. Customize triggers and frequency to reduce noise and stay focused on high-risk events.

Checklist of event categories with selected items, counts, and navigation arrows for each category.

Grid of six compliance and security certification badges, including AICPA SOC, ISO, FIPS 140-3, and NIST.

Support regulatory compliance

Simplify evidence collection with on-demand audit trails and policy enforcement logging. ARAM supports frameworks like SOC 2, ISO 27001, HIPAA, CMMC and NIST 800-53.

Monitor breach exposure with BreachWatch®

Get alerts when users have passwords exposed on the dark web. Track risk resolution automatically when passwords are updated in their Keeper Vault.

Table of users with counts for high-risk, passed, and scan-ignored items.

Integrate seamlessly with Security Information and Event Management (SIEM) tools

Feed your event data into third-party tools for more sophisticated analysis. It's simple to set up for a variety of popular tools, including:

See All SIEM Integrations

Frequently asked questions

What events can I track with Advanced Reporting and Alerts?

Keeper supports over 300+ event types, broken down into 16+ categories, including human and NHI secrets usage, endpoint privilege elevations, vault access, role changes, record sharing, 2FA changes and many more.

How does Keeper integrate with our SIEM?

Keeper offers direct Security Information and Event Management (SIEM) integration and supports popular platforms like Splunk, Datadog, Crowdstrike, Sumo Logic and Microsoft Sentinel. Events can also be sent through syslog or webhooks.

Are alerts customizable?

Yes, you can configure alerts based on event types, users, nodes or roles and send them through email, Slack, Microsoft Teams or custom webhooks.

Can I export data for audits?

Yes, you can generate and export reports in CSV or JSON formats for auditors or internal reviews.

What happens if our SIEM platform goes offline?

Keeper pauses external log forwarding when queue limits are reached and notifies administrators. You can resume logging manually or configure automatic retries.