Is it possible to create a policy to scan a group of devices for missing critical patches then create a report the breaks out which critical patches are missing. We do not want to patch those devices with this policy, only scan.
Question
Scan without patching for a baseline report
Hi lsanders,
If you deactivate or unassign the existing policies, and create a new ‘By Severity’ policy with no schedule, you can then run a pre-patch report on that group to get a view of all updates with a severity score on a per-machine basis.
+1
- Build a patch everything policy, but don’t schedule it. Make it available to the group you desire.
- You can then use the API to extract the report for all devices like this:
$apiKey = '123456789'
$headers = @{ "Authorization" = "Bearer $apiKey" }
$orgID = '12345'
$url = "https://console.automox.com/api/reports/prepatch?o=$orgID&"
$now = Get-Date
Write-Log "Collecting Automox Pre-Patch Reports"
$response = (Invoke-WebRequest -Method Get -Uri $url -Headers $headers).Content | ConvertFrom-Json
$prepatch = foreach ($device in $response.prepatch.devices){
$device.patches | %{
[datetime]$patchCreated = $_.createTime.split("T")[0]
$age = (New-TimeSpan $patchCreated $now).Days
[pscustomobject]@{
name = $device.name
needsReboot = $device.needsReboot
patch = $_.name
patchAgeDays = $age
patchCreated = $patchCreated
group = $device.group
compliant = $device.compliant
os_family = $device.os_family
}
}
}
$prepatch | Sort-Object name | Export-Csv "C:\automox-prepatch-report.csv" -NoTypeInformation
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.