Jamf Protect is an endpoint security tool that enhances the built-in security available to macOS devices by leveraging Apple native frameworks. With a focus on threat prevention, behavior based detections and compliance insights, Jamf Protect has your devices covered. Find a complete overview of the available product features here.
There are multiple ways to integrate with Jamf Protect. From data streaming to SIEMs, direct API access to built-in integrations with third party tools, rest assured you'll be able to access data collected by Jamf Protect.
Data collected by Jamf Protect can be forwarded to a SIEM or other data aggregation tool, providing a stream of realtime information that can be used for unified logging and data visualization. Endpoints must be capable of receiving a JSON formatted HTTP POST directly from the client device, allowing for realtime analysis of events occurring on the device. An example of the setup and configuration of this type of workflow using Spunk can be found here.
Beyond integrating with SIEMs, Jamf Protect allows for the forwarding of data collected by Jamf Protect Cloud to Amazon S3 and Microsoft Azure Sentinel. Only data that is sent to the Jamf Protect Cloud via an action configuration can be forwarded to these platforms.
For complete details on configuring data forwarding to these platforms, please view the documentation available here.
The Jamf Protect API is the primary resource for programmatically interacting with Jamf Protect. Unlike other Jamf APIs, Jamf Protect utilizes GraphQL, an advanced query service and language. Queries allow consumers to gather data, while mutations allow for updates to be made to the data stored by Jamf Protect. Review the documentation for a complete list of the available Queries and Mutations.
Updated about 2 years ago