GET /api/event/list

Identity Security Cloud (ISC) Non-Public API Deprecations
1

Replaced by:

Also, search can be used to find events.

More specifically, you can use the following request body to search on events:

{
  "indices": [
    "events"
  ],
  "query": {
    "query": "*"
  }
}

For more information on search for events, please read the following:

2

We use `GET /api/event/list’ to get the status of the entitlement aggregation
For this we use

sort = [{ "property": 'timestamp', "direction": 'DESC' }]

And

filter = [{ "property": 'type', value: "ENTITLEMENT_AGGREGATION" }, { "property": "objectType", "value": "source" },
              { "property": "objectId", "value": <<source_cloud_id>>}]

This would allow our scripts to know when entitlement aggregation has finished (succesfully/unsuccessfully) and when it can continue with its actions.
How can we use the search API to receive the status of the entitlement aggregation?

3

Try this search query.

{
    "indices": [
        "events"
   ],
    "query": {
        "query": "action:SOURCE_ENTITLEMENT_AGGREGATION"
   }
}
4

Search is not “real-time”: there is always a delay between when the event occurs and when the data is available in Search.

Will the UI use search on events as well to determine that the aggregation is completed when started in the UI?

1 Like
5

I have an action item to ask engineering about a real-time equivalent. In the meantime, search is the only way I can see how to get this information. Usually, search is only delayed by a few seconds or minutes…

6

Hi @colin_mckibben,

Search can also be delayed by hours. Try to create a role, make it requestable and hit apply changes. In our environment, it could take hours before we can actually request the role through the UI, simply because the SailPoint Request Center is using search to find the roles.

But ignoring the real-time vs sometime part for now, I believe it is not possible at all to find the entitlement aggregation status information through search.

2 Likes
7

It seems that get-account-aggregation-status | SailPoint Developer Community is a start.
But we should have something equivalent for entitlements, file upload, etc.

8

@colin_mckibben my use case is finding failed account aggregations as we have audit controls wrapped around them.

While searching for action:SOURCE_ACCOUNT_AGGREGATION_FAILED does produce results, it lacks the error messages that are contained in the /api/event/list endpoint

Event search - how do I follow the trackingNumber breadcrumb here?

{
        "org": "chk-sb",
        "pod": "stg02-useast1",
        "created": "2023-12-01T14:35:46.627Z",
        "id": "b3f5d88f1fd345b7b2d8ed74299abfae",
        "action": "SOURCE_ACCOUNT_AGGREGATION_FAILED",
        "type": "SOURCE_MANAGEMENT",
        "actor": {},
        "target": {
            "name": "Allegro DB [source]"
        },
        "stack": "qpoc",
        "trackingNumber": "f0aea96bc6214e9281ee1d87c4060d0b",
        "attributes": {
            "aggregationId": "3d14bd29c77a4af9adb462a823a1f7a2",
            "sourceId": "2c918088768763fb0176d382b5416913",
            "sourceName": "Allegro DB"
        },
        "objects": [
            "SOURCE",
            "ACCOUNT"
        ],
        "operation": "AGGREGATE",
        "status": "FAILED",
        "technicalName": "SOURCE_ACCOUNT_AGGREGATE_FAILED",
        "name": "Aggregate Source Account Failed",
        "synced": "2023-12-01T14:35:46.871Z",
        "_type": "event",
        "_version": "v7"
    }

/api/event/list

{
            "id": 4812685,
            "type": "CLOUD_ACCOUNT_AGGREGATION",
            "status": "ERROR",
            "timestamp": "2023-12-01T14:41:58Z",
            "dateCreated": "2023-12-01T14:41:58Z",
            "details": {
                "name": "Cloud Account Aggregation",
                "description": null,
                "messages": {
                    "Error": "[ ConnectorException ] \n [ Error details ] The server encountered an unexpected error while contacting target system. Please check the logs. Invalid column name 'securitygrou'."
                },
                "attributes": {
                    "eventId": 4812685,
                    "total": "0",
                    "clusterCcgBuild": "928",
                    "appId": "2c918088768763fb0176d382b5416913",
                    "optimizedAggregation": "enabled"
                },
                "completed": 1701441719616,
                "id": "e26c52b374db4714b2dfcf9a0359c4bf",
                "launched": 1701441717577,
                "status": "Error"
            },
            "user": {
                "alias": "366088",
                "externalId": "2c91808670f4c5dd0170f82275627256",
                "displayName": "Mark Cheek"
            },
            "object": {
                "id": 153400,
                "externalId": "2c918088768763fb0176d382b5416913",
                "type": "source",
                "displayName": "Allegro DB"
            }
        }
9

Hi @colin_mckibben,

Could you perhaps indicate the timeline for when the deprecated API will no longer be usable?

10

Hi Gilliam. All deprecated APIs will be turned off on March 31st. Please see this announcement for more information.

1 Like
11

Okay, thank you very much.