Frequently Asked Questions

Here are some questions that are frequently asked by new Security Controls API users.

  • Can I use the API to schedule scans and deploys?
  • Yes, you can schedule a script to run at a specific time. You can utilize the existing scheduling capabilities of an orchestrator or of Windows Task Scheduler, or you can do a scheduled scan in Security Controls.

  • Can I use the API to create, configure and delete credential, templates and groups?
  • Yes. You can reference existing credentials, machine groups, templates, etc. within your API commands. You can also use the API to add new credentials, templates, machine groups and patch groups.

  • Can I still get reports?
  • Yes, all manually created Security Controls reports will continue to work and will include operations initiated by the API. Scheduled reports that are based on date ranges will also be automatically generated, but reports will not be automatically generated for patch scans initiated from the API.

  • What about logging?
  • The same logging levels are available at both the user interface level and the API level.

  • Can we show members of an object coming out of a scan commandlet?
  • Yes. Here’s an example of how to show the 10 most recent scans:

    > $scans = Get-PatchScan –count 10

    > $mostRecentScan = $scans[0]

    > $mostRecentScan | Get-Member

    > $mostRecentScan | Format-PatchScanTable

    > $mostRecentScan.MachineStates[0] | Get-Member


  • Can I exclude certain machines before performing a deployment?
  • Yes, you will do this by controlling the scan input. You will specify which machines should be scanned, pare that down using attributes and then feed the pared down scan into the deployment process.

  • Can I check to see if a patch install fails (post-deploy)?
  • Yes. See the error code. You can view this information using Deployment Tracker or by using the Get-PatchDeploy command.

  • Can I retrieve patch scan deployment results (even UI-initiated scans) for reporting purposes?
  • Yes.