search

pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
296 stars 91 forks source link

No user account activity Get-PASaccountActivity #152

Closed malher closed 5 years ago

malher commented 5 years ago

Your Environment

Expected Behaviour

Provide activity on the account

Current Behaviour

Errors out with error 500. writeErrorStream : True PSMessageDetails : Exception : Microsoft.PowerShell.Commands.WriteErrorException: The remote server returned an error: (500) Internal Server Error. TargetObject : CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException FullyQualifiedErrorId : 500,Invoke-PASRestMethod ErrorDetails : InvocationInfo : System.Management.Automation.InvocationInfo ScriptStackTrace : at Invoke-PASRestMethod, : line 179 at Get-PASAccountActivity, : line 108 at , : line 1 PipelineIterationInfo : {0, 1}

Possible Solution

Steps to Reproduce (for bug reports)

1 . $token = New-PASSession -Credential $credentials -BaseURI https://uri -type LDAP -Verbose -SkipVersionCheck

2 .$token | Get-PASAccount -search account -Verbose

3 . $token | Get-PASAccount -search account -Verbose | Get-PASAccountActivity -Verbose

4 . $token | Get-PASAccountActivity -Verbose -AccountID IDNumber

Sample Output

writeErrorStream : True PSMessageDetails : Exception : Microsoft.PowerShell.Commands.WriteErrorException: The remote server returned an error: (500) Internal Server Error. TargetObject : CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException FullyQualifiedErrorId : 500,Invoke-PASRestMethod ErrorDetails : InvocationInfo : System.Management.Automation.InvocationInfo ScriptStackTrace : at Invoke-PASRestMethod, : line 179 at Get-PASAccountActivity, : line 108 at , : line 1 PipelineIterationInfo : {0, 1}

Context

malher commented 5 years ago

To clarify a bit the issue. I ran the following command in this order:

  1. $token = New-PASSession -Credential $credentials -BaseURI https://uri -type LDAP -Verbose -SkipVersionCheck
  2. $token | Get-PASAccount -search account -Verbose
  3. $token | Get-PASAccount -search account -Verbose | Get-PASAccountActivity -Verbose

Then I get the error(500).

I also tried to get the accountID and run:

$token | Get-PASAccountActivity -Verbose -AccountID IDNumber

with the same result. Thanks

pspete commented 5 years ago

@malher - found the -AccountID parameter on Get-PASAccountActivity needed an alias adding to it.

Now returns result as expected:


PS>$token | Get-PASAccount -search zhauspog

AccountID                 : 331_3
Safe                      : 3_TestSafe_072_BMO
address                   : SOMEDOMAIN.COM
userName                  : zhauspog
name                      : Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
platformId                : Z_WINDOMAIN_OFF
secretType                : password
platformAccountProperties : @{LogonDomain=SOMEDOMAIN}
secretManagement          : @{automaticManagementEnabled=True; lastModifiedTime=1556549383}
createdTime               : 29/04/2019 14:49:43

PS>$token | Get-PASAccount -search zhauspog | Get-PASAccountActivity

Time                Activity          UserName  AccountName
----                --------          --------  -----------
04/29/2019 13:49:44 Add File Category SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
04/29/2019 13:49:44 Add File Category SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
04/29/2019 13:49:44 Add File Category SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
04/29/2019 13:49:44 Add File Category SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
04/29/2019 13:49:44 Add File Category SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
04/29/2019 13:49:43 Add File Category SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog
04/29/2019 13:49:43 Store password    SafeAdmin Z_WINDOMAIN_OFF-SOMEDOMAIN.COM-zhauspog