Is it possible to create a policy to scan a group of devices for missing critical patches then create a report the breaks out which critical patches are missing. We do not want to patch those devices with this policy, only scan.
Hi lsanders,
If you deactivate or unassign the existing policies, and create a new ‘By Severity’ policy with no schedule, you can then run a pre-patch report on that group to get a view of all updates with a severity score on a per-machine basis.
+1
- Build a patch everything policy, but don’t schedule it. Make it available to the group you desire.
- You can then use the API to extract the report for all devices like this:
$apiKey = '123456789'
$headers = @{ "Authorization" = "Bearer $apiKey" }
$orgID = '12345'
$url = "https://console.automox.com/api/reports/prepatch?o=$orgID&"
$now = Get-Date
Write-Log "Collecting Automox Pre-Patch Reports"
$response = (Invoke-WebRequest -Method Get -Uri $url -Headers $headers).Content | ConvertFrom-Json
$prepatch = foreach ($device in $response.prepatch.devices){
$device.patches | %{
[datetime]$patchCreated = $_.createTime.split("T")[0]
$age = (New-TimeSpan $patchCreated $now).Days
[pscustomobject]@{
name = $device.name
needsReboot = $device.needsReboot
patch = $_.name
patchAgeDays = $age
patchCreated = $patchCreated
group = $device.group
compliant = $device.compliant
os_family = $device.os_family
}
}
}
$prepatch | Sort-Object name | Export-Csv "C:\automox-prepatch-report.csv" -NoTypeInformation
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.