Hi Team,
I’m evaluating a potential integration between Jamf Pro and a third-party Threat Intelligence Platform (TIP), and wanted to validate feasibility from a technical/partner perspective.
The TIP APIs provide:
- Stream of malicious IOCs (IP, domain, file hash, URL) (Usually need to run on schedule)
- On-demand IOC reputation lookup (malicious/suspicious/benign)
- File and URL scanning capabilities
Planned approach:
- Integration will rely only on Jamf Pro APIs (no agent/kernel-level extensions)
Key questions:
- Can Jamf Pro workflows leverage external IOC data to trigger actions on managed devices?
- Using Jamf APIs, is it feasible to:
  - Enforce blocking of malicious domains/URLs via configuration profiles or policies?
  - Act on files (e.g., remediation based on file hash via scripts)?
  - Trigger automated responses (policies, scripts, device lock/wipe) based on external intelligence?
- Are there any recommended patterns or limitations when integrating external threat intelligence feeds with Jamf?
Any guidance or references would be helpful.
Thanks!
