API Pull LastUsed Attribute for an Account

[dokki767]

Looking for a way to pull the "LastUsed" attribute for a given vault object. (LastUsed, not LastModified) Looking over the Cyber-Ark documentation, I'm not seeing that attribute as one exposed to retrieve to start with, but looking for feedback or direction if maybe I've overlooking something before contacting vendor support.

PS 5.0 PsPAS 3.3.88

[pspete]

Hi @dokki767

One option with psPAS which may fit your needs:

Get-PASAccountActivity -id 28_5 | 
Where-Object{$_.Activity -match "Use|Connect"} | 
Sort-Object -Descending -Property Time | 
Select-Object -First 1 Time

Time               
----               
06/28/2020 00:19:00

The above will get the date of the last "Use Password" or "PSM Connect" activity in the logs for the account.

It doesn't look like it is returned when fetching account details alone (you could get the value with EVD/PACLI though). Definitely go via your support channels to see if there is any alternative method for the API also.

[dokki767]

This should work, I had to tweak the pipes a bit, doesn't look like Time is recognized as a time value, so the sort messes everything up. It returns in chronological order anyways so not an issue. Need to sub-in "Retrieve password" in the match as well for my scenario. Thanks for assistance, this can be closed.

My command for reference. get-pasaccountactivity -id '864'| Where-Object{$.Activity -match "Retrieve password"} | Select-object -first 1 time,activity,username,accountname

[pspete]

.... Maybe something to do with the time coming from the API as a UnixTime value, and psPAS converting it... will add it to my list of things to check out for possible future enhancements.