In this presentation, Sharvari will cover the reporting and auditing capabilities available with Identity Security Cloud and how they can help achieve a high level of visibility and accountability and help improve security, compliance, and business outcomes. Sharvari will cover the following topics: using Search, APIs and scripting, Secure Data Share, and Access Intelligence Center.
Uploading the search queries, PowerShell commands and scripts that I used during this presentation.
Search Queries
All identities with a last name which starts with A through M (uses regex).
attributes.lastname:/[a-m].*/
All identities with no email, last name, or username attribute.
(NOT exists:attributes.lastname) OR (NOT exists:attributes.email) OR (NOT exists:attributes.uid)
Identities created in the past week OR identities terminated in the past 90 days.
created:[now-1w TO now] / attributes.endDate:[now-90d TO now]
Inactive identities with an active Active Directory account.
attributes.cloudLifecycleState:inactive AND @accounts(source.name:"Active Directory" AND disabled:false)
Find identities with AD accounts which have had a password set within a certain time period (using AD passwordLastSet timestamp):
@accounts( source.name:"AD" AND passwordLastSet:[2023-08-01 TO 2023-09-01] )
PS: For the SailPoint CLI and SDK commands/scripts to work, you need to install and set them up locally and provide your tenant configuration following the instructions here.