I have a customer who uses Jamf Protect and we just recently integrated it with Azure Sentinel for GCC High. The native connector isn't available in GCC High yet, so we had to use the manual Data Forwarding method to an Azure Log Analytics Workspace. Ingestion seems to be working as of now. Without the native connector, however, we don't get the out-of-the-box analytics rules to create Sentinel incidents. Does anyone know of some importable analytics rules that might help us get some use out of the raw data in the log workspace?
Hi @kalanfuga
The Jamf Protect for Microsoft Sentinel solution should be available in the Microsoft Azure Government marketplace at the following link.
https://portal.azure.us/#create/jamfsoftwareaustraliaptyltd1620360395539.jamf_protectjamf_protect
Installing this solution will ship you the Workbooks, Analytic Rules, Parser, Hunting Queries and Playbooks.