Posted on 08-19-2015 01:59 PM
I have a policy that has been running for quite some time. I was hoping to be able to monitor it using the Api.
Using https://<casperurl>/apiFrontPage.rest
I am able to get some info regarding the policy. What I would really like to get would be a list of the following:
My goal is to be able to check and see if the assets that are failing and remaining are systems that are no longer in rotation or broken, or out for repair ...etc.
Also it would be nice to have a custom tag on the bottom of this forum page, so I can create something called 'api' or something a little more specific.
Posted on 08-19-2015 02:09 PM
I don't believe the API has the ability to pull that information as far as I can tell. The policy API only appears to allow you to configure or read the policy itself, not its logs.
Posted on 08-19-2015 02:44 PM
Yes, unfortunately @alexjdale is correct. The API can't currently pull any stats from the policy. I really wish it could.
However, its possible to get at least some of this information by crafting things in your JSS the right way.
As an example, if you create 2 Smart Groups, one that is used for a policy scope, and the other for any Macs that are already compliant with what your policy is trying to do, you can get data on Macs that both meet and don't meet the criteria.
Let's use Flash Player as an example.
For Smart Group 1, we can add criteria that would gather all Macs that are not already running Flash Player 18.0.0.232. Add whatever other criteria you might need as well, such as check in time range, or locations, etc.
For Smart Group 2, you can add in criteria to gather any Macs that are running Flash Player 18.0.0.232, and perhaps that have installed it from your policy by looking for the specific Casper package receipt.
Scope your Flash Player policy to Smart Group 1, and just let Smart Group 2 hang out, collecting Macs that fall into its criteria range.
Later as your policy is deploying, you can pull the Smart Group membership of each group and pull data like computer names and other details, or, perhaps just a total of the group membership from each one. You can script comparing these 2 numbers to come up with a compliance % number. For example:
I'm already doing something along these lines to generate an email with compliancy numbers for some of our security related policies.
Unfortunately, this would only address your first 2 bullet points - "How many assets completed running the policy" and "How many assets remaining" It won't do anything for how many have failed running the policy since that can only be viewed in the policy log, not accessible in the API.
Posted on 08-19-2015 06:48 PM
Funny you mention that exact policy :)
But while it does not solve my problem, I feel better knowing that it is something that exactly be done through the Api and not me losing my mind towards the end of the day.