Jamf Protect
Version: Jamf Protect
Jamf Protect is advanced software that protects Apple’s macOS software. It is used to maintain endpoint compliance, anti-virus, and malware protection and focuses on remediating Mac-specific threats. Jamf Protect is integrated with Netsurion to send logs using the Jamf Protect API.
Netsurion Open XDR provides insights about the Jamf Protect alerts and device activities. Netsurion Open XDR reports Jamf Protect alerts and device activities which provide a detailed summary for various events like the USB devices insertions, prompts regarding user credentials before the process execute, etc.
Netsurion Open XDR alerts notify crucial events like suspicious activities, privilege escalation, defense evasion, and others.
- Security: Jamf Protect alerts.
- Operations: Device activities.
After the Jamf Protect software is configured to deliver the Jamf Protect events to Netsurion Open XDR, then the alerts, dashboards, and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Jamf Protect – Defense evasion has been detected | This alert generates whenever a running process deletes its executable after executing into the host. |
| Security | Jamf Protect – Privilege escalation has been detected | This alert generates whenever the processes prompt a user for credentials before executing. |
| Security | Jamf Protect – The signed application has been blocked | This alert generates whenever the Gatekeeper blocks an application that was signed. |
| Security | Jamf Protect – Suspicious activity has been detected | This alert generates whenever suspicious activities are detected on their hosts. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Jamf Protect – Alerts | This report gives information about alerts triggered by Jamf Protect. It contains field information like the source IP address, hostname, username, file path, detected tags, and status. |
| Operations | Jamf Protect – Device activities | This report gives information about the devices connected to their hosts. It contains fields information like hostname, device name, vendor name, device connected port, etc. |
Documentation
The configuration details are consistent with the Netsurion Open XDR 9.2x and later, and the Jamf Protect software.
Download Integration Guide and How-to Guide for configuration instructions and more information.