Scheduling a Query from a Past Query

• Console
• CLI
• API

• 1. Open the navigation menu and select Identity & Security. Under Cloud Guard, select Queries.
  2. On the Queries page, select Past queries.
  3. Locate the query that you want to run on a schedule.
     See Managing Past Queries for steps to filter the list.
  4. From the Actions menu at the right end of the row for the query, select Create scheduled query.
     The Create instance security query page opens, with Compartment, Scope, and SQL query filled in.
  5. In the Query information panel, enter a Query name, and optionally a Description.
     Avoid entering confidential information.
  6. Set the Query frequency to how often you want this query to run.
  7. select Next.
  8. On the Results configuration panel, enable at least one region to send query results, then select Close.
     The details page for the new scheduled query is displayed.
  9. For each region you want, select the Actions menu () and select Enable Log.
     1. On the Enable log panel, the compartment the target is in is shown. You cannot change it.
     2. Select an existing log group, or create a new one by selecting Create new group. See Log Group Management.
     3. Choose how long the log to keep the log, for values between 30 days and 180 days, or set a custom log retention value.
     4. select Enable log.
  10. select Submit.
      The scheduled query is created and it will run on the schedule you have set.

• For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  Use the oci cloud-guard data-source change-compartment command and required parameters to move a scheduled query to a different compartment:

  Command

  CopyTry It

  oci cloud-guard data-source change-compartment --compartment-id, -c <compartment_ocid> --data-source-id <data_source_ocid> [OPTIONS]

  Use the oci cloud-guard data-source create command and required parameters to create a scheduled query:

  Command

  CopyTry It

  oci cloud-guard data-source create --compartment-id, -c <compartment_ocid> --data-source-feed-provider <feed_provider_type> --display-name <data_source_display_name> [OPTIONS]

  Use the oci cloud-guard data-source delete command and required parameters to delete a scheduled query:

  Command

  CopyTry It

  oci cloud-guard data-source delete --data-source-id <data_source_ocid> [OPTIONS]

  Use the oci cloud-guard data-source get command and required parameters to get the details for a specific scheduled query:

  Command

  CopyTry It

  oci cloud-guard data-source get --data-source-id <data_source_ocid> [OPTIONS]

  Use the oci cloud-guard data-source list-data-source-events command and required parameters to list events for a specific scheduled query:

  Command

  CopyTry It

  oci cloud-guard data-source list-data-source-events --data-source-id <data_source_ocid> [OPTIONS]

  Use the oci cloud-guard data-source list command and required parameters to list scheduled queries in a compartment:

  Command

  CopyTry It

  oci cloud-guard data-source list --compartment-id, -c <compartment_ocid> [OPTIONS]

  Use the oci cloud-guard data-source update command and required parameters to update a specific scheduled query:

  Command

  CopyTry It

  oci cloud-guard data-source update --data-source-id <data_source_ocid> [OPTIONS]

• Run the ChangeDataSourceCompartment operation to move a scheduled query to a different compartment.

  Run the CreateDataSource operation to create a scheduled query.

  Run the DeleteDataSource operation to delete a scheduled query.

  Run the GetDataSource operation to get the details for a specific scheduled query.

  Run the ListDataSourceEvents operation to list events for a specific scheduled query.

  Run the ListDataSources operation to list all available scheduled queries in a compartment.

  Run the UpdateDataSource operation to update a specific scheduled query.