Autoscoping tags based on OS version

jm_peterson
Getting noticed

Autoscoping tags based on OS version

Is it possible to scope a tag to devices on a specific os version? Such as 10.13.x get “Tag A” and 10.14.x get “Tag B” from Systems Manager?

6 REPLIES 6
MikeMandalorian
A model citizen

Oh i really hope someone knows how to make this work because this would be awesome

vassallon
Kind of a big deal

@jm_peterson The closest I can think of to accomplish this is through security policies based on minimum OS version.

 

This would apply policy tag to each device.

 

securitypolicies.PNG

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

@vassallon It was definitely a good idea. But it appears the security policy cant scope worth a damn and returns this. Screen Shot 2019-04-16 at 2.25.56 PM.png

What about if you add in these options for Mobile Security?

 

MobileSecurity.PNG

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

@vassallonUnfortunately that didnt work. I was looking for a way to automate this for Mojave so custom pppc/tcc/kernel extensions could be applied as users update. Since there is no solution I threw one together.

Disclaimer, python is not my strong suit so there is probably a more efficient way to do this but this is working for me.

You just need to replace YOURSMNETWORKID with your network_id, yourreallylongapikey with your api key, and the tag name with whatever you want the tag to be. 

Hopefully this is of use to someone. ¯\_(ツ)_/¯

import requests
import json

meraki_url = 'https://api.meraki.com/api/v0/networks/YOURSMNETWORKID/sm/devices'
aki_key = 'yourreallylongapikey'
search_models = ['OS X 10.14', 'OS X 10.14.1', 'OS X 10.14.2', 'OS X 10.14.3', 'OS X 10.14.4', 'OS X 10.14.5']
meraki_payload = ""

meraki_headers = {
    'X-Cisco-Meraki-API-Key': aki_key,
    'cache-control': "no-cache"
    }

def tag_the_machines (serial_input):

    url = 'https://api.meraki.com/api/v0/networks/YOURSMNETWORKID/sm/devices/tags'

    args = {
        "updateAction": "add",
        "tags": "Mojave",
        "serials": serial_input
        }
    
    payload = ""
        
    headers = {
        'X-Cisco-Meraki-API-Key': aki_key,
        'Content-Type': "application/json",
        'cache-control': "no-cache",
    }
        
    try:
        r = requests.request("PUT", url, data=payload, headers=headers, params=args)
        r.raise_for_status()
        print ("Tagged" + '' + serial_input)
    except requests.exceptions.HTTPError as err:
        print (err)

def check_key(dict, key): 
      
    if dict.has_key(key): 
        global batch
        batch = dict[key] 
    else: 
        print ("Batch not key present")
  
def get_all_machines ():
   
    url = meraki_url

    payload = meraki_payload

    headers = meraki_headers

    r = requests.request("GET", url, data=payload, headers=headers)
    
    global all_machines
    all_machines = r.json()

    check_key (all_machines, 'batchToken')
    
    create_mojave_dict()

def send_batch_request ():
    
    url = meraki_url

    payload = meraki_payload

    querystring = {
        "batchToken": batch,
        }

    headers = meraki_headers
        
    r = requests.request("GET", url, data=payload, headers=headers, params=querystring)
    
    global all_batch_machines
    all_batch_machines = r.json ()

    create_mojave_batch_dict()

def create_mojave_dict ():
    serial_number = []
    os_name = []

    for m in all_machines["devices"]:
        serial_number.append(m["serialNumber"])
        os_name.append(m["osName"])

    machine_dict = dict(zip(serial_number, os_name))

    global mojave_machines
    mojave_machines = []

    for s in search_models:
        for k, v in machine_dict.items():
            if v == s:
                mojave_machines.append(k)

    for m in mojave_machines:
        tag_the_machines(m) 
    
def create_mojave_batch_dict ():
    serial_number = []
    os_name = []

    for m in all_batch_machines["devices"]:
        serial_number.append(m["serialNumber"])
        os_name.append(m["osName"])

    machine_dict = dict(zip(serial_number, os_name))

    global mojave_batch_machines
    mojave_batch_machines = []

    for s in search_models:
        for k, v in machine_dict.items():
            if v == s:
                mojave_batch_machines.append(k)

    for b in mojave_batch_machines:
        tag_the_machines(b) 

if __name__ == '__main__':
    get_all_machines()
    send_batch_request()
BlakeRichardson
Kind of a big deal
Kind of a big deal

@jm_peterson  The overview section of systems manager will show a break down of OS versions, you could manually click on each version and apply a tag that way. You would have to constantly keep it up to date though. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels