Jamf Protect

Version: Jamf Protect

Jamf Protect is advanced software that protects Apple’s macOS software. It is used to maintain endpoint compliance, anti-virus, and malware protection and focuses on remediating Mac-specific threats. Jamf Protect is integrated with Netsurion to send logs using the Jamf Protect API.

Netsurion Open XDR provides insights about the Jamf Protect alerts and device activities. Netsurion Open XDR reports Jamf Protect alerts and device activities which provide a detailed summary for various events like the USB devices insertions, prompts regarding user credentials before the process execute, etc.

Netsurion Open XDR alerts notify crucial events like suspicious activities, privilege escalation, defense evasion, and others.

  • Security: Jamf Protect alerts.
  • Operations: Device activities.

After the Jamf Protect software is configured to deliver the Jamf Protect events to Netsurion Open XDR, then the alerts, dashboards, and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Jamf Protect – Defense evasion has been detected This alert generates whenever a running process deletes its executable after executing into the host.
Security Jamf Protect – Privilege escalation has been detected This alert generates whenever the processes prompt a user for credentials before executing.
Security Jamf Protect – The signed application has been blocked This alert generates whenever the Gatekeeper blocks an application that was signed.
Security Jamf Protect – Suspicious activity has been detected This alert generates whenever suspicious activities are detected on their hosts.

Reports

Type Name Description
Security Jamf Protect – Alerts This report gives information about alerts triggered by Jamf Protect. It contains field information like the source IP address, hostname, username, file path, detected tags, and status.
Operations Jamf Protect – Device activities This report gives information about the devices connected to their hosts. It contains fields information like hostname, device name, vendor name, device connected port, etc.

Documentation

The configuration details are consistent with the Netsurion Open XDR 9.2x and later, and the Jamf Protect software.

Download Integration Guide and How-to Guide for configuration instructions and more information.