Jamf Protect

Version: Jamf Protect

Jamf Protect is endpoint security software for Apple's macOS. It is used to maintain endpoint compliance, anti-virus, and malware protection, and it focuses on remediating Mac-specific threats. Jamf Protect is integrated with Netsurion to send logs using the Jamf Protect API.

Netsurion's Open XDR platform provides insights into Jamf Protect alerts and device activities. Its reports give a detailed summary of events such as USB device insertions, processes that prompt for user credentials before executing, etc.

Netsurion alerts notify you of crucial events such as suspicious activities, privilege escalation, defense evasion, and others.

  • Security: Jamf Protect alerts.
  • Operations: Device activities.

After Jamf Protect is configured to deliver its events to EventTracker, the alerts, dashboards, and reports can be configured in EventTracker.

Alerts

| Type | Name | Description |
|------|------|-------------|
| Security | Jamf Protect - Defense evasion has been detected | This alert is generated whenever a running process deletes its executable after executing on the host. |
| Security | Jamf Protect - Privilege escalation has been detected | This alert is generated whenever a process prompts a user for credentials before executing. |
| Security | Jamf Protect - The signed application has been blocked | This alert is generated whenever Gatekeeper blocks a signed application. |
| Security | Jamf Protect - Suspicious activity has been detected | This alert is generated whenever suspicious activities are detected on the hosts. |

Reports

| Type | Name | Description |
|------|------|-------------|
| Security | Jamf Protect - Alerts | This report gives information about alerts triggered by Jamf Protect. It contains field information like the source IP address, hostname, username, file path, detected tags, and status. |
| Operations | Jamf Protect - Device activities | This report gives information about the devices connected to the hosts. It contains field information like hostname, device name, vendor name, device connected port, etc. |

Documentation

The configuration details are consistent with Netsurion version 9.2x and later, and with the Jamf Protect software.

Download the Integration Guide and How-to Guide for more information and configuration instructions.