Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
strongDM audit shell script snippets from webinar
# List Infrastructure Changes
## Start with activities
## Drill in to point-in-time snapshots
sdm audit activities --from "2020-01-01" --to "2020-03-01" -e -j | jq 'select(.activity | (contains("updated")) or contains("created") or contains("deleted"))'
sdm audit activities --from "2020-01-01" --to "2020-03-01" -e -j | jq 'select(.activity == "datasource deleted")'
sdm audit datasources --at 2020-02-24T18:41:00Z|grep ES3
sdm audit datasources --at 2020-02-24T18:42:00Z|grep ES3
# List Of Production Users
## Identify resources
## Show user list
sdm admin datasources list --filter 'tag:env=production'
sdm audit permissions -j | jq 'select(.datasourceName | contains("Pricing DB"))'
# Admin Listings with Roles and Permissions
## Show user list of strongDM Admins
## Show user list for high-privilege RBAC
sdm audit users -j | jq 'select(.strongRole == "admin")'
sdm audit permissions -j | jq 'select(.datasourceName | contains("Pricing DB")) | .roleName' | sort -u
sdm audit users -j | jq 'select(.roleName != null) | select(.roleName | contains("Finance") or contains("Analytics"))'
# Recent Extract for Databases
## Pull applicable CRUD activities
## Pull sample query log
sdm audit activities -j -e | jq 'select(any(.objects[].id; . == "rs-00000000000009d9"))'
sdm audit queries --from 2021-01-19 -j -e | jq 'select(.datasourceName | contains("Pricing DB"))'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment