pro4tlzz / pro4tlzz.github.io


FR: Jamf Admin Account Bookmarklet #32

Open monodata opened 9 months ago

monodata commented 9 months ago

Hey,

Really like your work on the Jamf LAPS password bookmarklet and I did ask on the Jamf forum if it could be adapted to read the audit.

A customer who showed me this tool would also like to have it that they can view who has read the pwd of a particular account on that machine but my knowledge of working with JS is rudimentary, at best!

pro4tlzz commented 9 months ago

Thanks for using this :)

If I do this (not committing to this) do you think a CSV download of the audit data would suffice?

Or would a popup with the information be easier? Personally I'd prefer an export for this but I'm not an HTML expert so making a good popup might be a challenge for me.

monodata commented 9 months ago

Thanks for the response!

A CSV would do it but even if the query could be adapted so it checks if 'audits' > 0 then displays the information within that array. Don't really need to see the password, etc.

For example, here's a sanitised & trimmed JSON dump from my API:

{
  "totalCount": 2,
  "results": [
    {
      "password": "OQDEBS-BH3JR7-MM6FEY-3TKREELY",
      "dateLastSeen": null,
      "expirationTime": "2023-10-18T08:26:50.530Z",
      "audits": []
    },
    {
      "password": "FUXULP-I5FLYQ-6S3Y43-GSGW4VGA",
      "dateLastSeen": "2023-10-25T10:15:39.697Z",
      "expirationTime": "2023-10-25T10:19:40.305Z",
      "audits": [
        {
          "dateSeen": "2023-10-25T09:19:40.405Z",
          "viewedBy": "first.last"
        },
        {
          "dateSeen": "2023-10-25T10:12:29.630Z",
          "viewedBy": "first.last"
        },
        {
          "dateSeen": "2023-10-25T10:15:39.697Z",
          "viewedBy": "first.last"
        }
      ]
    }
  ]
}

The first result has no audit entries but the second does and the only relevant info would be the following:


        {
          "dateSeen": "2023-10-25T09:19:40.405Z",
          "viewedBy": "first.last"
        },
        {
          "dateSeen": "2023-10-25T10:12:29.630Z",
          "viewedBy": "first.last"
        },
        {
          "dateSeen": "2023-10-25T10:15:39.697Z",
          "viewedBy": "first.last"
        }

So if that result could be displayed in a similar popup to the password that would be enough!
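
One way to do the filtering discussed in this thread, as an added example that is not code from the repository or from either commenter: it keeps only the audit entries, never copies the password field, and writes CSV cells so a spreadsheet will not evaluate a `viewedBy` value as a formula. The function names and the sample object are assumptions; the sample is constructed in the shape of the dump above with placeholder passwords.

```javascript
// Constructed sample in the shape of the trimmed dump above; passwords are placeholders.
const sampleHistory = {
  totalCount: 2,
  results: [
    { password: "PLACEHOLDER-1", dateLastSeen: null,
      expirationTime: "2023-10-18T08:26:50.530Z", audits: [] },
    { password: "PLACEHOLDER-2", dateLastSeen: "2023-10-25T10:15:39.697Z",
      expirationTime: "2023-10-25T10:19:40.305Z",
      audits: [
        { dateSeen: "2023-10-25T09:19:40.405Z", viewedBy: "first.last" },
        // Constructed value that a spreadsheet would otherwise read as a formula.
        { dateSeen: "2023-10-25T10:15:39.697Z", viewedBy: "=SUM(1,1)" },
      ] },
  ],
};

// Return only who viewed a password and when; the password itself is never copied.
function extractAudits(history) {
  const results = Array.isArray(history && history.results) ? history.results : [];
  return results
    .filter((r) => Array.isArray(r.audits) && r.audits.length > 0)
    .flatMap((r) => r.audits.map((a) => ({
      dateSeen: String(a.dateSeen ?? ""),
      viewedBy: String(a.viewedBy ?? ""),
      expirationTime: String(r.expirationTime ?? ""),
    })))
    .sort((a, b) => a.dateSeen.localeCompare(b.dateSeen));
}

// Quote every cell, double embedded quotes, and prefix cells a spreadsheet
// would treat as a formula (=, +, -, @, tab, CR) with an apostrophe.
function csvCell(value) {
  const s = /^[=+\-@\t\r]/.test(value) ? "'" + value : value;
  return '"' + s.replace(/"/g, '""') + '"';
}

// Build the CSV text: a header line plus one line per audit entry.
function auditsToCsv(history) {
  const header = ["dateSeen", "viewedBy", "expirationTime"];
  const rows = extractAudits(history).map((a) => header.map((h) => csvCell(a[h])).join(","));
  return [header.join(","), ...rows].join("\r\n");
}

console.log(auditsToCsv(sampleHistory));
```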