Get-OCIDatasafeAuditEventAnalyticsList

SYNOPSIS

Invokes DataSafe service - ListAuditEventAnalytics operation.

SYNTAX

Limit

Get-OCIDatasafeAuditEventAnalyticsList -CompartmentId <String> [-OpcRequestId <String>] [-IfMatch <String>] [-Limit <Int32>] [-Page <String>] [-CompartmentIdInSubtree <Boolean>] [-AccessLevel <AccessLevelEnum>] [-ScimQuery <String>] [-SummaryField <System.Collections.Generic.List`1[Oci.DatasafeService.Requests.ListAuditEventAnalyticsRequest+SummaryFieldEnum]>] [-TimeStarted <DateTime>] [-TimeEnded <DateTime>] [-QueryTimeZone <String>] [-GroupBy <System.Collections.Generic.List`1[Oci.DatasafeService.Requests.ListAuditEventAnalyticsRequest+GroupByEnum]>] [-OpcRetryToken <String>] [-SortOrder <SortOrderEnum>] [-SortBy <SortByEnum>] [-ConfigFile <String>] [-Endpoint <String>] [-NoRetry] [-Profile <String>] [-Region <String>] [-FullResponse] [-TimeOutInMillis <Int32>] [-AuthType <AuthenticationType>] [<CommonParameters>]

AllPages

Get-OCIDatasafeAuditEventAnalyticsList -CompartmentId <String> [-OpcRequestId <String>] [-IfMatch <String>] [-Page <String>] [-CompartmentIdInSubtree <Boolean>] [-AccessLevel <AccessLevelEnum>] [-ScimQuery <String>] [-SummaryField <System.Collections.Generic.List`1[Oci.DatasafeService.Requests.ListAuditEventAnalyticsRequest+SummaryFieldEnum]>] [-TimeStarted <DateTime>] [-TimeEnded <DateTime>] [-QueryTimeZone <String>] [-GroupBy <System.Collections.Generic.List`1[Oci.DatasafeService.Requests.ListAuditEventAnalyticsRequest+GroupByEnum]>] [-OpcRetryToken <String>] [-SortOrder <SortOrderEnum>] [-SortBy <SortByEnum>] [-All] [-ConfigFile <String>] [-Endpoint <String>] [-NoRetry] [-Profile <String>] [-Region <String>] [-FullResponse] [-TimeOutInMillis <Int32>] [-AuthType <AuthenticationType>] [<CommonParameters>]

DESCRIPTION

By default the ListAuditEventAnalytics operation will return all of the summary columns. To filter for a specific summary column, specify it in the summaryField query parameter. Example: /auditEventAnalytics?summaryField=targetName&summaryField=userName&summaryField=clientHostname &summaryField=dmls&summaryField=privilegeChanges&summaryField=ddls&summaryField=loginFailure&summaryField=loginSuccess &summaryField=allRecord&scimQuery=(auditEventTime ge "2021-06-13T23:49:14") /auditEventAnalytics?timeStarted=2022-08-18T11:02:26.000Z&timeEnded=2022-08-24T11:02:26.000Z This will give number of events grouped by periods. Period can be 1 day, 1 week, etc. /auditEventAnalytics?summaryField=targetName&groupBy=targetName This will give the number of events group by targetName. Only targetName summary column would be returned.

PARAMETERS

-AccessLevel

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

Type: AccessLevelEnum
Parameter Sets: (All)
Aliases: None
Accepted values: Restricted, Accessible

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-All

Fetches all pages of results.

Type: SwitchParameter
Parameter Sets: AllPages
Aliases: None

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-AuthType

Type of authentication to use for making API requests. Default is Key based Authentication.

Type: AuthenticationType
Parameter Sets: (All)
Aliases: None
Accepted values: ApiKey, InstancePrincipal, SessionToken

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CompartmentId

A filter to return only resources that match the specified compartment OCID.

Type: String
Parameter Sets: (All)
Aliases: None

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-CompartmentIdInSubtree

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

Type: Boolean
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ConfigFile

The path to the config file.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Endpoint

The value to use as the service endpoint, including any required API version path.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-FullResponse

Output the complete response returned by the API Operation. Using this switch will make this Cmdlet output an object containing response headers in-addition to an optional response body.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-GroupBy

A groupBy can only be used in combination with summaryField parameter. A groupBy value has to be a subset of the values mentioned in summaryField parameter.

Type: System.Collections.Generic.List`1[Oci.DatasafeService.Requests.ListAuditEventAnalyticsRequest+GroupByEnum]
Parameter Sets: (All)
Aliases: None
Accepted values: AuditEventTime, DbUserName, TargetId, TargetName, TargetClass, ObjectType, ClientHostname, ClientProgram, ClientId, AuditType, EventName, ObjectOwner, AuditPolicies, ObjectName, OsUserName, ErrorCode, ClientIp, ExternalUserId

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-IfMatch

For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Limit

For details about how pagination works, see List Pagination.

Type: Int32
Parameter Sets: Limit
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-NoRetry

Disable retry logic for calls to services.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OpcRequestId

Unique identifier for the request.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-OpcRetryToken

A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations. For example, if a resource has been deleted and purged from the system, then a retry of the original creation request might be rejected.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Page

It is usually retrieved from a previous "List" call. For details about how pagination works, see List Pagination.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Profile

The profile in the config file to load.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-QueryTimeZone

Default time zone is UTC if no time zone provided. The date-time considerations of the resource will be in accordance with the specified time zone.

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Region

Region-id of the region to make calls against. eg) us-phoenix-1, ap-singapore-1

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ScimQuery

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (auditEventTime ge "2021-06-04T01:00:26.000Z") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

Type: String
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SortBy

If this query parameter is specified, the result is ordered based on this query parameter value.

Type: SortByEnum
Parameter Sets: (All)
Aliases: None
Accepted values: TargetId, TargetClass, TargetName, ObjectType, DbUserName, EventName, AuditEventTime, ClientHostname, ClientProgram, ClientId, AuditType, ObjectOwner, AuditPolicies, ObjectName, OsUserName, ErrorCode, ClientIp, ExternalUserId

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SortOrder

The sort order to use, either ascending (ASC) or descending (DESC).

Type: SortOrderEnum
Parameter Sets: (All)
Aliases: None
Accepted values: Asc, Desc

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SummaryField

Specifies a subset of summarized fields to be returned in the response.

Type: System.Collections.Generic.List`1[Oci.DatasafeService.Requests.ListAuditEventAnalyticsRequest+SummaryFieldEnum]
Parameter Sets: (All)
Aliases: None
Accepted values: AuditEventTime, DbUserName, TargetId, TargetName, TargetClass, ObjectType, ClientHostname, ClientProgram, ClientId, AuditType, EventName, AllRecord, AuditSettingsChange, DbSchemaChange, EntitlementChange, LoginFailure, LoginSuccess, AllViolations, RealmViolations, RuleViolations, DvconfigActivities, Ddls, Dmls, PrivilegeChanges, AuditSettingsEnables, AuditSettingsDisables, Selects, Creates, Alters, Drops, Grants, Revokes, ObjectOwner, AuditPolicies, ObjectName, OsUserName, ErrorCode, ClientIp, ExternalUserId

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-TimeEnded

An optional filter to return audit events whose creation time in the database is less than and equal to the date-time specified, in the format defined by RFC3339.

Type: DateTime
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-TimeOutInMillis

Max wait time in milliseconds for the API request to complete. Default is 100000 millis(100 secs).

Type: Int32
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TimeStarted

An optional filter to return audit events whose creation time in the database is greater than and equal to the date-time specified, in the format defined by RFC3339.

Type: DateTime
Parameter Sets: (All)
Aliases: None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

OUTPUTS

• Oci.DatasafeService.Models.AuditEventAnalyticsCollection
• Oci.DatasafeService.Responses.ListAuditEventAnalyticsResponse

RELATED LINKS

• APIReference
• DotnetSDKAPI
• OCIModulesDocs
• OCIServiceConcepts
• Examples