Creating and Running a Query

• Console
• CLI
• API

• 1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Queries.
  2. On the Queries page, click Run query.
  3. Under Instance Security, set the Scope using one of these two options:
     • To specify the scope in terms of targets, select Targets, and then:
       • Select All targets

         OR

       • Select Choose target, and then select a target from the Targets list.
     • Select Instances, and then:
       • Select Managed list, and then select a list from the Managed list drop-down,

         OR

       • Select Custom list, and then click Select instances and specify a list of instances based on region and compartment.
  4. In the SQL Query box, enter the OSquery query that you want to run.
     Note
     
     If previous queries have been saved as favorites, you can also select a query from the Favorite query list. Doing this copies the favorite query into the SQL Query box, where you can edit as needed, or run as is.
  5. Click Run.
  6. Watch for the results of the query to appear in the Results area.
     If you don't want to wait for the results of your query to appear here, you can view the results later from the Past queries page.
  7. After the query results appear, you can:
     • Click the link in the Instance OCID to copy the instance OCID to the clipboard.
     • Click the Expand icon at the right end of the row for the instance to see the detailed information for all the items in the instance.
     • Click Run new query at the bottom of the page to run the same query again.
     • Click Actions at the bottom of the page and select:
       • View in Past queries to continue viewing the results of this query on the Past queries page.
       • Add to favorites to add this query to the list of favorites.
       • Download results to download the results into a CSV file that you can open in a spreadsheet.
       • Create as scheduled query to run this query at scheduled intervals.
         1. On the Query information panel of the Create workload protection query page, enter a Query name and, optionally, a Description.

            Avoid entering confidential information. .

         2. Optional: Change the Compartment and Scope settings.
         3. Click Next.
         4. On the Results configuration panel, specify regions to search and enable logging for each.
         5. Click Submit.

• For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  Queries

  Use the oci cloud-guard adhoc-query create command and required parameters to create a query:

  oci cloud-guard adhoc-query create --adhoc-query-details <valid_json_complex_type> --compartment-id, -c <compartment_ocid> [OPTIONS]

  Query Results

  Use the oci cloud-guard adhoc-query-result-collection get-adhoc-query-result-content command and required parameters to download results for a specific query to a file:

  oci cloud-guard adhoc-query-result-collection get-adhoc-query-result-content  --adhoc-query-id <query_ocid> --file <file_name> [OPTIONS]

  Use the oci cloud-guard adhoc-query-result-collection list-adhoc-query-results command and required parameters to list results for a specific query:

  oci cloud-guard adhoc-query-result-collection list-adhoc-query-results --adhoc-query-id <query_ocid> --compartment-id, -c <compartment_ocid> [OPTIONS]

• Queries

  Run the CreateAdhocQuery operation to create a query.

  Query Results

  Run the GetAdhocQueryResultContent operation to download results for a specific query to a file.

  Run the ListAdhocQueryResults operation to list results for a specific query.