I also think that the most obvious metrics are:
* Currently logged in Users
* Failed login attempts (which could help the customer to configure the brute force detection)
Keycloak distinguishes between Users and Clients. Events like Login and Logout are available for both. As far as I understand Clients are applications that delegate to Keycloak to process authentication requests. I’m not quite sure what a Client Login then refers to in contrast to a User login. Matthias do you know more about this?
As for registrations: is this only counted when a new User in Keycloak is created, or also when external services (like Google OAuth, etc.) are used? Jose maybe you can try this and check which events are created?
there is something regarding brute force detection (e.g. max login failures):
IMO that's also good piece of info