PEDM Report Commands

This page describes the commands used to work with PEDM audit reports.

Overview

This section covers all the Keeper Commander commands for generating PEDM audit reports and analytics. These commands provide detailed insights into PEDM activities including policy usage, audit events, and summary reports. Administrators can analyse privilege elevation events, track policy effectiveness, and generate compliance reports.

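This section supports the following commands:

  • Report Policy Usage Command

  • Report Column Command

  • Report Event Command

  • Report Summary Command
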
Usage

pedm report command [--options]


Report Policy Usage Command

View which agents are affected by specific policies. This command shows policy-to-agent relationships and can provide summary counts for policy coverage analysis.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Coming Soon

Python CLI

Command: pedm report policy-usage <policy> [policy...]

Aliases: pedm report pu

Flags:

Flag        Description
--summary   Show agent count only
--format    Output format - json, csv, or table
--output    Save output to specified file
policy      Policy UID or * for all policies (required, can specify multiple)

Examples:

My Vault> pedm report policy-usage policy_xyz789

Policy UID: policy_xyz789
Agent UID: agent_abc123

Policy UID: policy_xyz789
Agent UID: agent_def456

My Vault> pedm report policy-usage * --summary

Policy UID: ['policy_xyz789']
Agent Count: 15

Python SDK

Function:

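from keepersdk.plugins.pedm import admin_plugin

# Assumes `enterprise_loader`, an authenticated `auth` object and the SDK's
# generated `pedm_pb2` protobuf module are already in scope.
plugin = admin_plugin.PedmPlugin(enterprise_loader)

rq = pedm_pb2.PolicyAgentRequest()
rq.summaryOnly = True  # or False
policies = ['policy UIDs']  # placeholder: policy UIDs, or '*' for all policies
if not isinstance(policies, list):
    policies = [str(policies)]
if '*' in policies:
    # Only the "all policies" case is populated in this snippet.
    rq.policyUid.append(plugin.all_agents)
policy_agent = auth.execute_router(
    'pedm/get_policy_agents', rq, response_type=pedm_pb2.PolicyAgentResponse)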

Report Column Command

View unique values and metadata for audit report fields. This command helps discover available columns for reporting and their data types, useful for building custom queries and understanding audit data structure.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Coming Soon

Python CLI

Command: pedm report column <column_name>

Aliases: pedm report c

Flags:

Flag            Description
--syntax-help   Display detailed help about columns
--format        Output format - json, csv, or table
--output        Save output to specified file
column          Column name (required)

Examples:

My Vault> pedm report column report_field

Name: event_time
Type: filter
Protection: none

Name: audit_event_type
Type: group
Protection: none

Name: agent_uid
Type: group
Protection: none

My Vault> pedm report column audit_event_type

Name: agent_registered
ID: 1
Is Client: True
Syslog: Agent registered: ${agent_uid}

Name: policy_evaluated
ID: 2
Is Client: True
Syslog: Policy evaluated: ${policy_uid} - ${evaluation_status}

Python SDK

Function: Not Supported
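
The Syslog templates listed by `pedm report column audit_event_type` can be used to turn message-format events back into fields for triage. The following is an added example, not part of Keeper's code: the function names are hypothetical, and every sample message except the first (including the `Denied` status) is constructed.

```python
import re
from collections import Counter

# Syslog template printed by `pedm report column audit_event_type` on this page.
POLICY_EVALUATED = "Policy evaluated: ${policy_uid} - ${evaluation_status}"
_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_]\w*)\}")

def template_to_regex(template):
    """Turn a ${name} template into a regex with one named group per field."""
    parts, pos = [], 0
    for m in _PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))  # literal text before the field
        parts.append(f"(?P<{m.group(1)}>.+?)")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))

def extract_fields(template, message):
    """Return the field values, or None when the message does not fit the template."""
    m = template_to_regex(template).fullmatch(message)
    return m.groupdict() if m else None

def not_allowed(messages):
    """Count policy_evaluated messages per (policy_uid, status) where status is not Allowed."""
    counts = Counter()
    for msg in messages:
        fields = extract_fields(POLICY_EVALUATED, msg)
        if fields and fields["evaluation_status"] != "Allowed":
            counts[(fields["policy_uid"], fields["evaluation_status"])] += 1
    return counts

# Constructed sample; only the first message and its "Allowed" status appear on this page.
SAMPLE = [
    "Policy evaluated: policy_xyz789 - Allowed",
    "Policy evaluated: policy_xyz789 - Denied",
    "Policy evaluated: policy_demo01 - Denied",
    "Policy evaluated: policy_xyz789 - Denied",
    "User john.doe requested elevation for powershell.exe",
]

if __name__ == "__main__":
    for (policy, status), n in not_allowed(SAMPLE).most_common():
        print(f"{policy}\t{status}\t{n}")
```

A value that itself contains the ` - ` separator is split at its first occurrence, so field boundaries recovered this way are only as reliable as the values are well-behaved.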

Report Event Command

Generate detailed audit event reports with customisable filters. This command retrieves individual PEDM events with optional filtering by time, agent, event type, and other dimensions. Supports various output formats and predefined date ranges.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Coming Soon

Python CLI

Command: pedm report event [filter...]

Aliases: pedm report e

Flags:

Flag              Description
--syntax-help     Display filter syntax help
--report-format   Output format - message or fields (default: message)
--timezone        Timezone for results
--limit           Maximum rows to return (max 1000)
--order           Sort order (choices: desc, asc)
--format          Output format - json, csv, or table
--output          Save output to specified file
filter            Report filters (optional, can specify multiple)

Examples:

My Vault> pedm report event event_time=today audit_event_type=policy_evaluated

Event Time: 2024-11-05 14:32:15
Audit Event Type: policy_evaluated
Message: Policy evaluated: policy_xyz789 - Allowed

My Vault> pedm report event event_time=last_7_days agent_uid=agent_abc123 --limit 10 --order desc

Event Time: 2024-11-05 14:32:15
Audit Event Type: privilege_elevation_request
Message: User john.doe requested elevation for powershell.exe

Filter Syntax Examples:

  • Single value: agent_uid=NJvK0I5RpuF0UFMwRKY_Dw

  • Multiple values: agent_uid=IN(NJvK0I5RpuF0UFMwRKY_Dw, VYLhwqhRvhIpma9e1HoDFw)

  • Range: event_time=BETWEEN 2024-01-01 AND 2024-02-01

  • Predefined dates: event_time=today, event_time=yesterday, event_time=last_7_days, event_time=last_30_days, event_time=month_to_date, event_time=last_month, event_time=year_to_date, event_time=last_year

Python SDK

Function:

import datetime
from typing import Any, Dict

# Assumes an authenticated `auth` object is already in scope.
rq: Dict[str, Any] = {
    'timezone': datetime.datetime.now().astimezone().tzname()
}
report_filter = ['filters']  # placeholder: list of report filters
if len(report_filter) > 0:
    rq['filter'] = report_filter
limit = 100  # example value: maximum rows to return (max 1000)
if limit is not None:
    rq['limit'] = limit
order = 'desc'  # or 'asc'
if order:
    rq['order'] = order
rs = auth.execute_router_json('pedm/get_audit_events', rq)
events = rs.get('audit_event_overview_report_rows')

Report Summary Command

Generate aggregated audit reports grouped by specified dimensions. This command provides summary statistics like event counts, date ranges, and custom aggregations. Useful for trend analysis and compliance reporting.

DotNet CLI

Command: Coming Soon

DotNet SDK

Function: Coming Soon

Power Commander

Command: Coming Soon

Python CLI

Command: pedm report summary [filter...]

Aliases: pedm report s

Flags:

Flag            Description
--syntax-help   Display syntax help
--report-type   Report aggregation type (choices: hour, day, month, span) - default: span
--group-by      Fields to group by - can be repeated
--aggregate     Aggregation type (choices: occurrences, first_date, last_date) - can be repeated
--timezone      Timezone for results
--limit         Maximum rows to return (max 2000, default 50)
--order         Sort order (choices: desc, asc)
--format        Output format - json, csv, or table
--output        Save output to specified file
filter          Report filters (optional, can specify multiple)

Examples:

My Vault> pedm report summary event_time=last_30_days --report-type day --aggregate occurrences --group-by audit_event_type

Event Time: 2024-11-05
Occurrences: 127
Audit Event Type: policy_evaluated

Event Time: 2024-11-04
Occurrences: 95
Audit Event Type: policy_evaluated

My Vault> pedm report summary --report-type span --aggregate occurrences first_date last_date --group-by agent_uid

Occurrences: 452
First Date: 2024-10-01
Last Date: 2024-11-05
Agent UID: agent_abc123

Python SDK

Function:

import datetime
from typing import Any, Dict, Optional

# Assumes an authenticated `auth` object is already in scope.
report_type: Optional[str] = 'span'  # one of 'hour', 'day', 'month', 'span'

aggregate = ['occurrences', 'first_date', 'last_date']  # any of these choices
if not aggregate:
    aggregate = ['occurrences']
elif isinstance(aggregate, str):
    aggregate = [aggregate]
rq: Dict[str, Any] = {
    'report_type': report_type,
    'aggregate': aggregate,
    'timezone': datetime.datetime.now().astimezone().tzname()
}

report_filter = ['filters']  # placeholder: list of report filters
if len(report_filter) > 0:
    rq['filter'] = report_filter
group_by = ['group by columns name']  # placeholder: column names to group by
if group_by:
    if isinstance(group_by, str):
        group_by = [group_by]
    rq['group_by'] = group_by

limit = 50  # example value: maximum rows to return (max 2000)
if limit is not None:
    rq['limit'] = limit
order = 'desc'  # or 'asc'
if order:
    rq['order'] = order
response = auth.execute_router_json('pedm/get_summary_audit_report', rq)
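
When report filters are assembled by automation from values that originate elsewhere (a ticket, an alert, a form), each token should be validated before it is placed into the filter syntax shown under Report Event and before the limits in the Report Event and Report Summary flag tables are exceeded. The following is an added example, not Keeper's code: the helper names are hypothetical, and the allowed character set for column names and UIDs is an assumption.

```python
import re
from datetime import date

# Choices and limits copied from the flag tables on this page.
MAX_LIMIT = {"event": 1000, "summary": 2000}
REPORT_TYPES = {"hour", "day", "month", "span"}
AGGREGATES = {"occurrences", "first_date", "last_date"}
PRESETS = {"today", "yesterday", "last_7_days", "last_30_days",
           "month_to_date", "last_month", "year_to_date", "last_year"}
TOKEN = re.compile(r"[A-Za-z0-9_-]+")  # assumption: column names and UIDs fit this set

def _tok(value):
    # Reject anything that could add an operator, a comma or a second filter.
    if not TOKEN.fullmatch(value):
        raise ValueError(f"unsafe filter token: {value!r}")
    return value

def match(column, *values):
    """column=value for one value, column=IN(v1, v2) for several."""
    if not values:
        raise ValueError("at least one value is required")
    vals = [_tok(v) for v in values]
    rhs = vals[0] if len(vals) == 1 else "IN(" + ", ".join(vals) + ")"
    return f"{_tok(column)}={rhs}"

def preset(name):
    if name not in PRESETS:
        raise ValueError(f"unknown predefined range: {name!r}")
    return f"event_time={name}"

def between(start, end):
    """BETWEEN filter; both dates are parsed and re-emitted as YYYY-MM-DD."""
    first, last = date.fromisoformat(start), date.fromisoformat(end)
    if first > last:
        raise ValueError("start date is after end date")
    return f"event_time=BETWEEN {first.isoformat()} AND {last.isoformat()}"

def report_args(kind, filters, limit, order="desc", report_type="span",
                group_by=(), aggregate=("occurrences",)):
    """Argument list for `pedm report event` or `pedm report summary`."""
    if kind not in MAX_LIMIT or not 1 <= limit <= MAX_LIMIT[kind] or order not in ("desc", "asc"):
        raise ValueError(f"bad kind, limit (1..{MAX_LIMIT.get(kind)}) or order")
    args = ["pedm", "report", kind, *filters, "--limit", str(limit), "--order", order]
    if kind == "summary":
        if report_type not in REPORT_TYPES or not set(aggregate) <= AGGREGATES:
            raise ValueError("bad --report-type or --aggregate value")
        args += ["--report-type", report_type, "--aggregate", *aggregate]
        args += [a for col in group_by for a in ("--group-by", _tok(col))]
    return args
```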
