Cloud Account Aggregation report

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hi everyone,

I wanted to schedule a cloud account aggregation report which is available in IDN Dash Board (Aggregation Activity)
image

I’m trying to get the report Using below API from Power shell, However not able to pull the data using “CLOUD_ACCOUNT_AGGREGATION”

I’m getting result, When i use this API in postman.

API:
https://(Org).api.identitynow.com/v2024/task-status?filters=type%20in%20(‘CLOUD_ACCOUNT_AGGREGATION’)

Do we have any ways to get the data and Scheule aggregation activity (Cloud_Account_aggregation) ?

Thank you.

2

According to the API specs for get-task-status-list, CLOUD_ACCOUNT_AGGREGATION is not a valid type to filter on. The valid values are QUARTZ, QUEUED_TASK and QPOC.

You would need to filter on the client side (which is fine since you’re using PowerShell) for the uniqueName property containing “Cloud Account Aggregation”

image
image745×119 4.94 KB

A big caveat to using this API

If you desire to have more than 90 rolling days of data in your report, I would suggest not using the task status API as the retention period is only 90 days

If you do not need the level of detail contained in the task-status API (accounts scanned, accounts created/updated/deleted), you can instead use the search-post API and search through events instead. You won’t get as much detail but you’ll have far more history available. It just depends on what you want.

Search Query

name:"Aggregate Source Account Failed" OR name:"Aggregate Source Account Passed"
1 Like
3

Hi Mark,

Thank you for Quick response.
Is there any way to get below attribute in the report without using powershell.

image
image323×181 2.77 KB

Thanks.

4

Yes, however you will only be able to collect the last 90 days worth of data due to the retention I mentioned above

Invoke-Paginate `
    -Function "Get-BetaTaskStatusList" `
    -Increment 250 `
    -Limit 10000 `
    -InitialOffset 0 `
    -Parameters @{"Sorters" = "-created" } |
    Where-Object {$_.taskDefinitionSummary.uniqueName -eq "Cloud Account Aggregation"} |
    Select-Object completionStatus, launched, completed, `
        @{Name = "Duration"; Expression = {
            if ($_.completed) {
                ($_.completed - $_.launched).TotalSeconds
            }
            else {
                ''
            }
        }}, `
        @{Name = "Source"; Expression = {$_.target.name}}, `
        @{Name = "Scanned"; Expression = {$_.attributes.total}}, `
        @{Name = "Optimization"; Expression = {$_.attributes.optimizedAggregation}} |
    Sort-Object launched

The results will look like this

image
image623×538 15 KB

3 Likes
5

Hi Mark ,

Thank you, We are able to fetch data using API, However we are not seeing all aggregation data in API.

May i know the reason, Is that expected ?

Example: if we have 10 aggregations in aggregation Activity, We are seeing 2-3 aggregations in API ?

And we are not able to fetch data for “Cloud Group Aggregation” from API, Do we have any separate API to fetch Group Aggregation?

Thank you.

6

@mark : Can we put or condition for Below response to get Cloud_account_aggregation and Cloud_group_Aggregation

$response = Invoke-RestMethod ‘https://uri.api.identitynow.com/v2024/task-status’ -Method ‘GET’ -Headers $idnHeaders2

Like :

https://$uri.api.identitynow.com/v2024/task-status?filters=type%20in%20(“CLOUD_GROUP_AGGREGATION”%2C%20"CLOUD_GROUP_AGGREGATION")

7

I mentioned this earlier, but those are not valid types

which is why in the script I added a where clause

Where-Object {$_.taskDefinitionSummary.uniqueName -eq "Cloud Account Aggregation"} |

If you want to include group aggregations, just add an or to that where clause

8

Are you paginating through the results?

If you are making a direct API call instead of using invoke-paginate with the PowerShell SDK, you’re only going to get 250 results, which could explain why you are missing data.