Fine Tunning Reporting

Question

I have two reporting tasks in Jamf Pro that I dread every time I have to do them:	Creating a Security Stack report			Creating a report that shows which computers have a specific application installed and which do not	What I’m trying to doFor the security stack, we have (for example) 5 security products that should be installed across our fleet.What I’ve been doing is exporting Computer Applications inventory and working from the CSV. The problem is the way Jamf structures the export:	The application name appears once			The rows beneath it (per computer) are blank until the next application name appears			Those blank rows still represent devices that have the app installed, but the format makes filtering, automation, and reporting extremely painful	I’ve worked with other tools where the export shows the application name on every row per computer, even if the version is the same, which makes reporting much easier.What I’ve consideredThe only reliable approach I can think of is using Extension Attributes that explicitly check for each application and return something like Installed / Not Installed, then exporting those EAs.This applies to both use cases:	A Security Stack report (5 applications)			A single application report showing installed vs not installed devices	At this point, Extension Attributes feel like the only way to generate a single, clean report that includes both installed and not installed machines.My questionIs there a better or more native way in Jamf Pro to handle this that I’m missing?	Is there a smarter way to build Advanced Computer Searches for this?			Is relying on Extension Attributes the expected approach here?			Or is there a reporting method that avoids having to parse the Applications inventory export?	Any insight from others who’ve solved this in Jamf would be appreciated.

h1431532403240 · Accepted Answer

Would you have an example or something pre-done that I can start building upon?Here's a Python script to get you started. It checks for specific applications across all computers and outputs a clean CSV:#!/usr/bin/env python3"""Security Stack Report - Jamf Pro APIChecks which computers have specific security applications installed"""import requestsimport csvimport os# ConfigurationJAMF_URL = "https://your-instance.jamfcloud.com"CLIENT_ID = "your-api-client-id"CLIENT_SECRET = "your-api-client-secret"# Applications to check (adjust paths as needed)SECURITY_APPS = [    "CrowdStrike Falcon.app",    "Netskope Client.app",     "1Password.app",    "Cisco Secure Client.app",    "SentinelOne.app"]def get_access_token():    """Get OAuth token from Jamf Pro"""    response = requests.post(        f"{JAMF_URL}/api/oauth/token",        data={            "client_id": CLIENT_ID,            "client_secret": CLIENT_SECRET,            "grant_type": "client_credentials"        }    )    return response.json()["access_token"]def get_all_computers(token):    """Get list of all computer IDs"""    headers = {"Authorization": f"Bearer {token}"}    response = requests.get(        f"{JAMF_URL}/JSSResource/computers",        headers=headers,        params={"Accept": "application/json"}    )    return response.json()["computers"]def get_computer_detail(token, computer_id):    """Get detailed inventory for a specific computer"""    headers = {        "Authorization": f"Bearer {token}",        "Accept": "application/json"    }    response = requests.get(        f"{JAMF_URL}/JSSResource/computers/id/{computer_id}",        headers=headers    )    return response.json()["computer"]def main():    token = get_access_token()    computers = get_all_computers(token)    results = []    for comp in computers:        detail = get_computer_detail(token, comp["id"])        # Get list of installed app names        installed_apps = [            app["name"] for app in detail.get("software", {}).get("applications", [])        ]        row = {            "Computer Name": detail["general"]["name"],            "Serial Number": detail["general"]["serial_number"],        }        # Check each security app        for app in SECURITY_APPS:            row[app] = "Installed" if app in installed_apps else "Not Installed"        results.append(row)        print(f"Processed: {row['Computer Name']}")    # Write CSV    with open("security_stack_report.csv", "w", newline="") as f:        writer = csv.DictWriter(f, fieldnames=results[0].keys())        writer.writeheader()        writer.writerows(results)    print(f"
Report saved: security_stack_report.csv")if __name__ == "__main__":    main()Setup:Create an API Client in Jamf Pro (Settings > API Roles and Clients)Grant "Read Computers" permissionUpdate the script with your credentials and app listReference:Jamf Pro API Documentation

mattjerome · Answer

Personally, I would leverage the API to build it. You can leverage the applications section rather than EA’s b/c it’ll already have the version number as well as telling you if it’s there. That assumes you collect that at inventory. Maybe it’s just me but I sometimes prefer that for a bit more control over the output.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded