Frequently Asked Questions
Here are some questions that are frequently asked by new Security Controls API users.
- Can I use the API to schedule scans and deploys?
- Can I use the API to create, configure and delete credential, templates and groups?
- Can I still get reports?
- What about logging?
- Can we show members of an object coming out of a scan commandlet?
- Can I exclude certain machines before performing a deployment?
- Can I check to see if a patch install fails (post-deploy)?
- Can I retrieve patch scan deployment results (even UI-initiated scans) for reporting purposes?
Yes, you can schedule a script to run at a specific time. You can utilize the existing scheduling capabilities of an orchestrator or of Windows Task Scheduler, or you can do a scheduled scan in Security Controls.
Yes. You can reference existing credentials, machine groups, templates, etc. within your API commands. You can also use the API to add new credentials, templates, machine groups and patch groups.
Yes, all manually created Security Controls reports will continue to work and will include operations initiated by the API. Scheduled reports that are based on date ranges will also be automatically generated, but reports will not be automatically generated for patch scans initiated from the API.
The same logging levels are available at both the user interface level and the API level.
Yes. Here’s an example of how to show the 10 most recent scans:
> $scans = Get-PatchScan –count 10
> $mostRecentScan = $scans[0]
> $mostRecentScan | Get-Member
> $mostRecentScan | Format-PatchScanTable
> $mostRecentScan.MachineStates[0] | Get-Member
>
Yes, you will do this by controlling the scan input. You will specify which machines should be scanned, pare that down using attributes and then feed the pared down scan into the deployment process.
Yes. See the error code. You can view this information using Deployment Tracker or by using the Get-PatchDeploy command.
Yes.