Symantec Privileged Access Management

Hi All,

I am using CLI API's to integrate CAPAM in my application.

I am working on viewAccountPassword command to view the password of account.

I am bleto run this CLI through my windows system and able to get the output in xml String.

But the output contains lot of parameters related to TargetAccount inclusing password value and I want to fetch exact parameter(password) from the output XML string.

In documentation I am unable to find the way to extract specific parameter from xml OR how we can get output only the required param as a string instead of entire XML string.

Could you please help me to resolve this?

Below is the command I am using : 

capam_command capam=capam_ipaddress adminUserID=1234 adminPassword=password cmdName=viewAccountPassword TargetAccount.ID=1164 reason="Power outage reason" reasonDetails="Recover Tuesday am" > viewPwd.xml
 

This ended up in CA PPM instead of CA PAM by mistake - hopefully this move takes it to a better place to raise this question.  Thanks.

Thank you Nick for showing interest in my question.

But this doesn't resolve my query. I am using CA-PAM CLI API.

With CLI is it possible to apply filter to get specific parameter value?

Hi Nick,

Coincidentally, I'm trying to do this with Target Group, to create and add filter.

We are using PowerShell to do that, I think it will work for you too.

I'm searching for the ID of the Target Group created and after that adding a filter.

$search = "<ID>(.*?)</ID>"

#$return= 'capam_command cspmHostName=***.***.***.*** adminUserID=user cmdName=addGroup Group.name='Test '"Group.description='Test descript'" Group.type=target'

$id_group = [regex]::Match($return,$search).Groups[1].Value

    capam_command cspmHostName=***.***.***.*** adminUserID=user cmdName=addFilter Group.ID=$id_group Filter.objectClassId=c.cw.m.ts Filter.attribute=hostName Filter.type=equals Filter.expression=myHost

Regards,

Gustavo Viggiano

Hi Viggiano ,

How you are able to execute CAPAM CLI with powershell? is there any module available for that? Tell me the procedure.

Also even I have applied filter to extract parameter by using powershell as well as batch commands, but on XML output file and not with the CAPAM CLI.

I want that filter to work on CLI directly and not by manipulating the output string with the help of external commands.

Thank you for the confirmation.

Hi Nick,

You just need to open the powershell on your Windows machine, goes to the path of your CLI and execute the following code (you just need to change what is in bold)

This code search for the, for example, account "root" and return the ID of this account and after that the CLI search for this ID and return the password. I'm using regex to get the attribute that I want on the XML return.

$hostName='[changeToYourHost]'
$user='[changeToYourUser]'
$pass='[changeToThePassOfYourUser]'
$accountToSearch='[ChangeToTheUserThatYouWantThePassword]'

$command = '.\capam_command'
$command_credential = @("cspmHostName=$($hostName)", "adminUserID=$($user)", "adminPassword=$($pass)")
$command_operation_search = @('cmdName=searchTargetAccount', "TargetAccount.userName=$($accountToSearch)")

$result = & $command $command_credential $command_operation_search
$search = "<ID>(.*?)</ID>"
$id_account = [regex]::Match($result,$search).Groups[1].Value
Write-Host = $id_account

$command_operation_getpwd = @('cmdName=viewAccountPassword', "TargetAccount.ID=$($id_account)")

$result = & $command $command_credential $command_operation_getpwd
$search = "<password>(.*?)</password>"
$password = [regex]::Match($result,$search).Groups[1].Value
Write-Host = $password

Hope this helps

Make sure that you can execute PowerShell scripts in your machine:

about_Execution_Policies | Microsoft Docs