Scheduling a Query from a Past Query

Create a scheduled query from a query you've already run.

    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Queries.
    2. On the Queries page, click Past queries.
    3. Locate the query that you want to run on a schedule.
      See Managing Past Queries for steps to filter the list.
    4. From the Actions menu at the right end of the row for the query, select Create scheduled query.
      The Create instance security query page opens, with Compartment, Scope, and SQL query filled in.
    5. In the Query information panel, enter a Query name, and optionally a Description.
      Avoid entering confidential information.
    6. Set the Query frequency to how often you want this query to run.
    7. Click Next.
    8. On the Results configuration panel, enable at least one region to send query results, then click Close.
      The details page for the new scheduled query is displayed.
    9. For each region you want, click the Actions menu and select Enable Log.
      1. On the Enable log panel, the compartment the target is in is shown. You cannot change it.
      2. Choose an existing log group, or create a new one by clicking Create new group. See Log Group Management.
      3. Choose how long to keep the log, for values between 30 days and 180 days, or set a custom log retention value.
      4. Click Enable log.
    10. Click Submit.
      The scheduled query is created and it will run on the schedule you have set.
  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Use the oci cloud-guard data-source change-compartment command and required parameters to move a scheduled query to a different compartment:

    oci cloud-guard data-source change-compartment --compartment-id <compartment_ocid> --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source create command and required parameters to create a scheduled query:

    oci cloud-guard data-source create --compartment-id <compartment_ocid> --data-source-feed-provider <feed_provider_type> --display-name <data_source_display_name> [OPTIONS]

    Use the oci cloud-guard data-source delete command and required parameters to delete a scheduled query:

    oci cloud-guard data-source delete --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source get command and required parameters to get the details for a specific scheduled query:

    oci cloud-guard data-source get --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source list-data-source-events command and required parameters to list events for a specific scheduled query:

    oci cloud-guard data-source list-data-source-events --data-source-id <data_source_ocid> [OPTIONS]

    Use the oci cloud-guard data-source list command and required parameters to list scheduled queries in a compartment:

    oci cloud-guard data-source list --compartment-id <compartment_ocid> [OPTIONS]

    Use the oci cloud-guard data-source update command and required parameters to update a specific scheduled query:

    oci cloud-guard data-source update --data-source-id <data_source_ocid> [OPTIONS]
  • Run the ChangeDataSourceCompartment operation to move a scheduled query to a different compartment.

    Run the CreateDataSource operation to create a scheduled query.

    Run the DeleteDataSource operation to delete a scheduled query.

    Run the GetDataSource operation to get the details for a specific scheduled query.

    Run the ListDataSourceEvents operation to list events for a specific scheduled query.

    Run the ListDataSources operation to list all available scheduled queries in a compartment.

    Run the UpdateDataSource operation to update a specific scheduled query.