Use API call to get non-compliant device.

Bikk3l
Comes here often

Use API call to get non-compliant device.

Hi, 

 

Currently I am trying to make a script which gets devices which are in violation with a security policy I made. The problem seems to be however that it's not possible to make this call, it seems like the api does not recognize/acknowledge security policy tags in the tag field. I find it hard to believe that nobody before me wants to get a list of non-compliant devices via API.

 

https://api.meraki.com/api/v1/networks/%7BNetworkId%7D/sm/devices?scope[]=withAll&&scope[]=Windows_t... - violating_devices

 

Maybe someone can tell me what I'm doing wrong?

 

Thanks in advance.

3 Replies 3
Bate5a
New here

Hi <h1>Hello</h1>

sadasda
PaulF
Meraki Employee
Meraki Employee

So, the first thing you'll need is the policy ID: If you go to Systems Manager > Policies and click on the policy that you want to use as a criteria, you'll now be able to get the policy ID from the URL:

 

https://XXXX.meraki.com/General/n/XXXXXXX/manage/configure/pcc_security_policy#security_policy=68116...

 

So, now that we have the ID, we can go to the API call:

 

https://api.meraki.com/api/v0/networks/{{NetworkID}}/sm/devices?fields=ip&scope=withAll,auto:security_policy_uncompliant681169443639788406

 

If you don't know your network (or Org) IDs, you'll need to do the following two API calls:

 

Orgs

curl --location --request GET 'https://api.meraki.com/api/v1/organizations' \
--header 'X-Cisco-Meraki-API-KEY: {{APIKEY}}'
 
Returns:
[ { "id": "2930418", "name": "My organization", "url": "https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview" } ]
 
This brings back a list of your orgs. You probably only have the one. Grab the id. Then, we....
 
Networks
curl --location -g --request GET 'https://api.meraki.com/api/v0/organizations/2930418/networks' --header 'X-Cisco-Meraki-API-KEY: {{APIKEY}}'
 
This will bring back a list of networks.
 
[ { "id": "L_123456", "organizationId": "2930418", "name": "Long Island Office", "timeZone": "America/Los_Angeles", "tags": [ "tag1", "tag2" ], "productTypes": [ "appliance", "switch", "wireless" ], "enrollmentString": "long-island-office", "notes": "Combined network for Long Island Office" } ]
 
Grab your network id
 

 

 

 

 

 

PaulF
Meraki Employee
Meraki Employee

You'll find https://developer.cisco.com/meraki/api-v1/#!get-organization-networks a really excellent resource for prototyping

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels