Exploring your data in the Identity Security Cloud


In this presentation, Sharvari will cover the reporting and auditing capabilities available with Identity Security Cloud and how they can help achieve a high level of visibility and accountability and improve security, compliance, and business outcomes. Sharvari will cover the following topics: using Search, APIs and scripting, Secure Data Share and Access Intelligence Center.

Uploading the search queries, PowerShell commands and scripts that I used during this presentation.

Search Queries

  • All identities with a last name which starts with A through M (uses regex).

  • All identities with no email, last name, or username attribute.
    (NOT exists:attributes.lastname) OR (NOT exists:attributes.email) OR (NOT exists:attributes.uid)

  • Identities created in the past week OR Identities Terminated in the past 90 days
    created:[now-1w TO now] / attributes.endDate:[now-90d TO now]

  • Inactive identities with active Active Directory accounts
    attributes.cloudLifecycleState:inactive AND @accounts(source.name:"Active Directory" AND disabled:false)

  • Find identities with AD accounts which have had a password set within a certain time period (using AD passwordLastSet timestamp):
    @accounts( source.name:"AD" AND passwordLastSet:[2023-08-01 TO 2023-09-01] )

SailPoint CLI

  1. sail search query "name:amy*" --indices identities
  2. sail search template
  3. sail report

Please see below the search and report templates used with SailPoint CLI.
my_report_template.json (585 Bytes)
my_search_template.json (761 Bytes)

Search Identities Script using REST API

Search Identities.ps1 (1.1 KB)

Scripts using SailPoint SDK (PowerShell) for searching identities and accounts

Search Identity.ps1 (492 Bytes)
Get-Accounts.ps1 (548 Bytes)

PS: For SailPoint CLI and SDK commands/scripts to work, you need to install and set them up locally and provide your tenant configuration following the instructions here.

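The "inactive identities with active Active Directory accounts" query above, run through the Search REST API and exported for review. This is an added example, not one of the scripts attached to the post; the environment variable names and the output file name are assumptions made for the example, and the source name must match the one in your tenant.

```powershell
# Added example (not the attached "Search Identities.ps1").
# Assumptions: SAIL_TENANT, SAIL_CLIENT_ID and SAIL_CLIENT_SECRET are environment
# variable names chosen for this example; they hold the tenant name and a
# personal access token's client id and secret.
$ErrorActionPreference = 'Stop'
$baseUrl = "https://$($env:SAIL_TENANT).api.identitynow.com"

# OAuth client-credentials grant; the secret is read from the environment
# rather than hard-coded in the script.
$token = Invoke-RestMethod -Method Post -Uri "$baseUrl/oauth/token" -Body @{
    grant_type    = 'client_credentials'
    client_id     = $env:SAIL_CLIENT_ID
    client_secret = $env:SAIL_CLIENT_SECRET
}
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# Query from the post. Use straight quotes: curly quotes pasted from a
# document are not treated as phrase delimiters by the search syntax.
$query = 'attributes.cloudLifecycleState:inactive AND ' +
         '@accounts(source.name:"Active Directory" AND disabled:false)'
$body = @{
    indices = @('identities')
    query   = @{ query = $query }
    sort    = @('id')                # stable order so pages do not overlap
} | ConvertTo-Json -Depth 5

# Page through the results, 250 documents per request.
$limit = 250; $offset = 0; $results = @()
do {
    $uri  = "$baseUrl/v3/search?limit=$limit&offset=$offset"
    $page = @(Invoke-RestMethod -Method Post -Uri $uri -Headers $headers `
                  -ContentType 'application/json' -Body $body)
    $results += $page
    $offset  += $limit
} while ($page.Count -eq $limit)

# A matching identity document lists all of its accounts, not only the ones
# that satisfied @accounts(...), so filter again before reporting.
$results | ForEach-Object {
    $identity = $_
    $identity.accounts |
        Where-Object { $_.source.name -eq 'Active Directory' -and -not $_.disabled } |
        ForEach-Object {
            [pscustomobject]@{
                Identity = $identity.name
                State    = $identity.attributes.cloudLifecycleState
                Account  = $_.name
                Source   = $_.source.name
            }
        }
} | Export-Csv -Path .\inactive-identities-active-ad.csv -NoTypeInformation
```

Each row in the CSV is an enabled AD account that still belongs to an inactive identity, which is the list to hand to whoever owns deprovisioning.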