Question

Feature Request: Threat Intelligence Feed Ingestion

  • April 28, 2025
  • 2 replies
  • 24 views


Hello, 

We're looking to import a Cyber Threat Intelligence feed into Jamf Protect. Something like STIX 2.1 or a GraphQL API similar to here.

The idea is to enrich Jamf Protect endpoint protection and integrate IoCs from external feeds.

Is there already a solution? Is this on the roadmap?




2 replies

AJPinto
  • Legendary Contributor
  • April 29, 2025

You probably won't hear much about roadmaps, at least not until JNUC. However, you can submit a feature request for Jamf using Ideas; the link is below.

https://ideas.jamf.com/


  • New Contributor
  • May 1, 2025

Hello,

We are looking to integrate Cyber Threat Intelligence (CTI) feeds into Jamf Protect to enrich our endpoint protection with external Indicators of Compromise (IoCs). Specifically, we are interested in integrating feeds in STIX 2.1 format or via GraphQL API, similar to the capabilities provided in other security platforms.

Could you please provide insight on the following:

Does Jamf Protect currently support direct integration of STIX 2.1 feeds or GraphQL APIs for ingesting IoCs?

If not, are there existing solutions or best practices for importing external CTI feeds into Jamf Protect?

Is there any functionality or integration planned for a future release that would allow such integrations?

Additionally, if a custom integration is needed, could you provide guidance or documentation on how to leverage Jamf Protect’s API for importing external threat intelligence?

 

Best regards,

Kely