Scheduling a New Query

Create a scheduled query from a new query.

Prerequisite: Always run a new query to check that it returns the results you expect before setting it up as a scheduled query. See Creating and Running a Query.

  • Note

    Scheduled queries run automatically, according to the schedule that you specify. If you just want a query to be easier to locate when you run the query manually, add the query to the favorites list. See Managing the Query Favorites List.
    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Queries.
    2. On the Queries page, click Scheduled queries.
    3. Click Create instance security query.
      • Click Go to run query to open the Run query page, where you can create and run an on-demand query to check that it returns the results you expect. You can then create the scheduled query from the Past Queries page. See Managing Past Queries. If you choose this option, ignore the remaining steps.
      • Click Continue to create the scheduled query immediately.
    4. On the Query details page, enter a name for the query, and optionally a description.
    5. Choose the compartment.
    6. Choose the scope of the query:
      • All targets to run the query over all targets.
      • Choose target and choose the specific target you want.
    7. In the SQL Query box, enter the OSquery query that you want to run.
      Note

      If previous queries have been saved as favorites, you can also select a query from the Favorite query list. Doing this copies the favorite query into the SQL Query box, where you can edit as needed, or run as is.
    8. Under Query frequency, choose the frequency with which the query will run.
    9. Under Query enablement, enable the query. It won't run unless it is enabled.
    10. Click Next.
    11. On the Results configuration page, for each region you want, click the Actions menu and select Enable Log.
      1. On the Enable log panel, the compartment the target is in is shown. You cannot change it.
      2. Choose an existing log group, or create a new one by clicking Create new group. See Log Group Management.
      3. Choose how long to keep the log, for values between 30 days and 180 days, or set a custom log retention value.
      4. Click Enable log.
    12. Click Submit.
      The scheduled query is created and it will run on the schedule you have set.
  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Use the oci cloud-guard data-source change-compartment command and required parameters to move a scheduled query to a different compartment:

    oci cloud-guard data-source change-compartment --compartment-id <compartment_ocid> --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source create command and required parameters to create a scheduled query:

    oci cloud-guard data-source create --compartment-id <compartment_ocid> --data-source-feed-provider <feed_provider_type> --display-name <data_source_display_name> [OPTIONS]

    Use the oci cloud-guard data-source delete command and required parameters to delete a scheduled query:

    oci cloud-guard data-source delete --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source get command and required parameters to get the details for a specific scheduled query:

    oci cloud-guard data-source get --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source list-data-source-events command and required parameters to list events for a specific scheduled query:

    oci cloud-guard data-source list-data-source-events --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source list command and required parameters to list scheduled queries in a compartment:

    oci cloud-guard data-source list --compartment-id <compartment_ocid> [OPTIONS]

    Use the oci cloud-guard data-source update command and required parameters to update a specific scheduled query:

    oci cloud-guard data-source update --data-source-id <data_source_ocid> [OPTIONS]
  • Run the ChangeDataSourceCompartment operation to move a scheduled query to a different compartment.

    Run the CreateDataSource operation to create a scheduled query.

    Run the DeleteDataSource operation to delete a scheduled query.

    Run the GetDataSource operation to get the details for a specific scheduled query.

    Run the ListDataSourceEvents operation to list events for a specific scheduled query.

    Run the ListDataSources operation to list all available scheduled queries in a compartment.

    Run the UpdateDataSource operation to update a specific scheduled query.