Cloud Account Aggregation report

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hi everyone,

I wanted to schedule a cloud account aggregation report which is available in IDN Dash Board (Aggregation Activity)
image

I’m trying to get the report Using below API from Power shell, However not able to pull the data using “CLOUD_ACCOUNT_AGGREGATION”

I’m getting result, When i use this API in postman.

API:
https://(Org).api.identitynow.com/v2024/task-status?filters=type%20in%20(‘CLOUD_ACCOUNT_AGGREGATION’)

Do we have any ways to get the data and Scheule aggregation activity (Cloud_Account_aggregation) ?

Thank you.

2

According to the API specs for get-task-status-list, CLOUD_ACCOUNT_AGGREGATION is not a valid type to filter on. The valid values are QUARTZ, QUEUED_TASK and QPOC.

You would need to filter on the client side (which is fine since you’re using PowerShell) for the uniqueName property containing “Cloud Account Aggregation”

image
image745×119 4.94 KB

A big caveat to using this API

If you desire to have more than 90 rolling days of data in your report, I would suggest not using the task status API as the retention period is only 90 days

If you do not need the level of detail contained in the task-status API (accounts scanned, accounts created/updated/deleted), you can instead use the search-post API and search through events instead. You won’t get as much detail but you’ll have far more history available. It just depends on what you want.

Search Query

name:"Aggregate Source Account Failed" OR name:"Aggregate Source Account Passed"
1 Like
3

Hi Mark,

Thank you for Quick response.
Is there any way to get below attribute in the report without using powershell.

image
image323×181 2.77 KB

Thanks.

4

Yes, however you will only be able to collect the last 90 days worth of data due to the retention I mentioned above

Invoke-Paginate `
    -Function "Get-BetaTaskStatusList" `
    -Increment 250 `
    -Limit 10000 `
    -InitialOffset 0 `
    -Parameters @{"Sorters" = "-created" } |
    Where-Object {$_.taskDefinitionSummary.uniqueName -eq "Cloud Account Aggregation"} |
    Select-Object completionStatus, launched, completed, `
        @{Name = "Duration"; Expression = {
            if ($_.completed) {
                ($_.completed - $_.launched).TotalSeconds
            }
            else {
                ''
            }
        }}, `
        @{Name = "Source"; Expression = {$_.target.name}}, `
        @{Name = "Scanned"; Expression = {$_.attributes.total}}, `
        @{Name = "Optimization"; Expression = {$_.attributes.optimizedAggregation}} |
    Sort-Object launched

The results will look like this

image
image623×538 15 KB

4 Likes
5

Hi Mark ,

Thank you, We are able to fetch data using API, However we are not seeing all aggregation data in API.

May i know the reason, Is that expected ?

Example: if we have 10 aggregations in aggregation Activity, We are seeing 2-3 aggregations in API ?

And we are not able to fetch data for “Cloud Group Aggregation” from API, Do we have any separate API to fetch Group Aggregation?

Thank you.

6

@mark : Can we put or condition for Below response to get Cloud_account_aggregation and Cloud_group_Aggregation

$response = Invoke-RestMethod ‘https://uri.api.identitynow.com/v2024/task-status’ -Method ‘GET’ -Headers $idnHeaders2

Like :

https://$uri.api.identitynow.com/v2024/task-status?filters=type%20in%20(“CLOUD_GROUP_AGGREGATION”%2C%20"CLOUD_GROUP_AGGREGATION")

7

I mentioned this earlier, but those are not valid types

which is why in the script I added a where clause

Where-Object {$_.taskDefinitionSummary.uniqueName -eq "Cloud Account Aggregation"} |

If you want to include group aggregations, just add an or to that where clause

8

Are you paginating through the results?

If you are making a direct API call instead of using invoke-paginate with the PowerShell SDK, you’re only going to get 250 results, which could explain why you are missing data.

10

As I mentioned in my previous reply, you have to paginate through the results to get them all.

Like many of the SailPoint APIs, this endpoint only returns the first 250 records, even if there are more than 250 records that would have been returned by this query.

In order to retrieve all the records, you must make multiple queries returning 250 pages of results at a time, also known as paginating. You do this through the use of the query parameters limit and offset.

You can see how many result would be returned through the use of the count query parameter

count
boolean
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

Look and see how many results would be returned via this method. If it is more than 250, you have to paginate.

The reason I provided a script using the PowerShell SDK is there are built in methods like Invoke-Paginate to take care of this for you, which means you have to write much less code

11

Hi mark,

Yes, I can see 250 records which is fine.

Can i get last 24 hours of aggregation records ?

Thanks.

12

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.