there is something regarding brute force detection (e.g. max login failures):
https://github.com/keycloak/keycloak-documentation/blob/master/server_admin/topics/threat/brute-force.adoc#password-guess-brute-force-attacks

IMO that's also good piece of info 

On Thu, Jan 18, 2018 at 5:23 PM, Jose Miguel Gallas Olmedo <jgallaso@redhat.com> wrote:
Hi,

So there is a fair amount of possible metrics to get from Keycloak. The most interesting I think are:
- Registrations
- Total Registrations
- Logins
- Logins by provider
- Total logged in

Then there are metrics for reset passwords, confirmation emails, token handling.. But I don't think there is much value on those.

What do you think?

JOSE MIGUEL GALLAS OLMEDO

ASSOCIATE QE, mobile

Red Hat 

M: +34618488633    




--
Project lead AeroGear.org