public/Get-VPASAccountActivity.ps1
|
<#
.Synopsis GET ACCOUNT ACTIVITY CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET THE ACTIVITY OF AN ACCOUNT .LINK https://vpasmodule.com/commands/Get-VPASAccountActivity .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER safe Safe name that will be used to query for the target account if no AcctID is passed .PARAMETER username Username that will be used to query for the target account if no AcctID is passed .PARAMETER platform PlatformID that will be used to query for the target account if no AcctID is passed .PARAMETER address Address that will be used to query for the target account if no AcctID is passed .PARAMETER AcctID Unique ID that maps to a single account, passing this variable will skip any query functions .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $AccountActivityJSON = Get-VPASAccountActivity -safe {SAFE VALUE} -username {USERNAME VALUE} -platform {PLATFORM VALUE} -address {ADDRESS VALUE} .EXAMPLE $AccountActivityJSON = Get-VPASAccountActivity -AcctID {ACCTID VALUE} .EXAMPLE $InputParameters = @{ safe = "TargetSafe" platform = "TargetPlatformID" username = "TargetUsername" address = "TargetAddress" } $AccountActivityJSON = Get-VPASAccountActivity -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ AcctID = "22_123" } $AccountActivityJSON = Get-VPASAccountActivity -InputParameters $InputParameters .OUTPUTS If successful: { "Activities": [ { "Alert": false, "Date": 1723776151, "User": "vman@cyberark.cloud.1234", "Action": "Get File Request", "ActionID": 109, "ClientID": "PVWA", "MoreInfo": "", "Reason": "(ConnectionClient=PSM-RDP) Testing Account Request [From 8/16/2024 1:00:00 PM to 8/16/2024 5:00:00 PM multiple operations]" }, { "Alert": true, "Date": 1716701723, "User": "vman@cyberark.cloud.1234", "Action": "Retrieve File", "ActionID": 43, "ClientID": "PVWA", "MoreInfo": "", "Reason": "" }, { "Alert": false, "Date": 1715651891, "User": "normaluser@vman.com", "Action": "Get File Request", "ActionID": 109, "ClientID": "PVWA", "MoreInfo": "", "Reason": "testing bulk request via apis [From 5/14/2024 1:58:11 AM to 6/13/2024 1:58:11 AM ]" }, { "Alert": false, "Date": 1715222731, "User": "vadim@vman.pam", "Action": "Retrieve password", "ActionID": 295, "ClientID": "PVWA", "MoreInfo": "", "Reason": "(Action: Show Password)" } ], "Total": 4 } --- $false if failed #> function Get-VPASAccountActivity{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$safe, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$platform, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$username, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$address, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique AccountID of the target account (for example: 22_123)")] [String]$AcctID, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("safe","platform","username","address") MandatoryKeys = @() } set2 = @{ AcceptableKeys = @("AcctID") MandatoryKeys = @("AcctID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE ACCOUNT ACTIVITY" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($AcctID)){ Write-Verbose "NO ACCTID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE ACCOUNT ID BASED ON SPECIFIED PARAMETERS" $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address Write-Verbose "RETURNING ACCOUNT ID" } else{ Write-Verbose "ACCTID SUPPLIED, SKIPPING HELPER FUNCTION" } if($AcctID -eq -1){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E return $false } elseif($AcctID -eq -2){ $log = Write-VPASTextRecorder -inputval "NO ACCOUNTS FOUND" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "NO ACCOUNT FOUND" Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E return $false } else{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/Accounts/$AcctID/Activities" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/Accounts/$AcctID/Activities" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "RETURNING JSON OBJECT" return $response } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET ACCOUNT ACTIVITY" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |