Use API call to get non-compliant device.

Bikk3l
Comes here often

Hi, 

 

Currently I am trying to make a script that gets devices that are in violation of a security policy I made. The problem, however, seems to be that it's not possible to make this call; it seems like the API does not recognize/acknowledge security policy tags in the tag field. I find it hard to believe that nobody before me wants to get a list of non-compliant devices via API.

 

https://api.meraki.com/api/v1/networks/%7BNetworkId%7D/sm/devices?scope[]=withAll&&scope[]=Windows_t... - violating_devices

 

Maybe someone can tell me what I'm doing wrong?

 

Thanks in advance.

3 REPLIES
Bate5a
New here

Re: Use API call to get non-compliant device.

Hi <h1>Hello</h1>

sadasda
PaulF
Meraki Employee

Re: Use API call to get non-compliant device.

So, the first thing you'll need is the policy ID: if you go to Systems Manager > Policies and click on the policy that you want to use as a criterion, you'll now be able to get the policy ID from the URL:

 

https://XXXX.meraki.com/General/n/XXXXXXX/manage/configure/pcc_security_policy#security_policy=68116...

 

So, now that we have the ID, we can go to the API call:

 

https://api.meraki.com/api/v0/networks/{{NetworkID}}/sm/devices?fields=ip&scope=withAll,auto:security_policy_uncompliant681169443639788406

 

If you don't know your network (or Org) IDs, you'll need to do the following two API calls:

 

Orgs

curl --location --request GET 'https://api.meraki.com/api/v1/organizations' \
--header 'X-Cisco-Meraki-API-KEY: {{APIKEY}}'
 
Returns:
[
  {
    "id": "2930418",
    "name": "My organization",
    "url": "https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview"
  }
]
 
This brings back a list of your orgs. You probably only have the one. Grab the id. Then, we....
 
Networks
curl --location -g --request GET 'https://api.meraki.com/api/v0/organizations/2930418/networks' --header 'X-Cisco-Meraki-API-KEY: {{APIKEY}}'
 
This will bring back a list of networks.
 
[
  {
    "id": "L_123456",
    "organizationId": "2930418",
    "name": "Long Island Office",
    "timeZone": "America/Los_Angeles",
    "tags": [ "tag1", "tag2" ],
    "productTypes": [ "appliance", "switch", "wireless" ],
    "enrollmentString": "long-island-office",
    "notes": "Combined network for Long Island Office"
  }
]
 
Grab your network id
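
The three calls from the reply above, chained into one script. This is an added example, not part of the original post and not Meraki's own code. The `MERAKI_API_KEY` variable name, the `systemsManager` product-type filter and the handling of two response shapes are assumptions.

```python
import json
import os
import re
import urllib.parse
import urllib.request

API = "https://api.meraki.com/api"
SCOPE_PREFIX = "withAll,auto:security_policy_uncompliant"  # tag format from the reply

def policy_id_from_url(dashboard_url):
    """Read the numeric ID from the '#security_policy=<id>' URL fragment."""
    match = re.search(r"#security_policy=(\d+)", dashboard_url)
    if match is None:
        raise ValueError("no security_policy ID in the URL fragment")
    return match.group(1)

def devices_url(network_id, policy_id, fields="ip"):
    """Build the v0 device query with the auto-generated non-compliance tag."""
    if not policy_id.isdigit():  # keep stray text out of the scope filter
        raise ValueError("policy ID must be numeric")
    query = urllib.parse.urlencode(
        {"fields": fields, "scope": SCOPE_PREFIX + policy_id}, safe=",:")
    network = urllib.parse.quote(network_id, safe="")
    return f"{API}/v0/networks/{network}/sm/devices?{query}"

def http_get(url, api_key):
    """GET a JSON document, sending the key in the header the reply uses."""
    request = urllib.request.Request(url, headers={"X-Cisco-Meraki-API-KEY": api_key})
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)

def noncompliant_devices(policy_id, api_key, get=http_get):
    """Walk orgs -> networks -> devices; return {network name: [devices]}."""
    report = {}
    for org in get(f"{API}/v1/organizations", api_key):
        for net in get(f"{API}/v0/organizations/{org['id']}/networks", api_key):
            # Assumption: Systems Manager networks list "systemsManager" here.
            if "systemsManager" not in net.get("productTypes", []):
                continue
            reply = get(devices_url(net["id"], policy_id), api_key)
            # Assumption: devices arrive as a list or under a "devices" key.
            devices = reply.get("devices", []) if isinstance(reply, dict) else reply
            if devices:
                report[net["name"]] = devices
    return report

if __name__ == "__main__":
    key = os.environ["MERAKI_API_KEY"]  # assumed variable name; never hard-code
    print(json.dumps(noncompliant_devices("681169443639788406", key), indent=2))
```

Reading the key from the environment keeps it out of the script and out of version control; the `get` parameter lets the walk be exercised against canned responses without touching the API.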
 

 

 

 

 

 

PaulF
Meraki Employee

Re: Use API call to get non-compliant device.

You'll find https://developer.cisco.com/meraki/api-v1/#!get-organization-networks a really excellent resource for prototyping
