Skip to main content

I have a couple of smart groups which detect for the presence of certain Chrome Extensions or VPNs and then if a computer is added to that group it runs a policy script to remove those extensions or applications.


The only issue I have is that apart from knowing a computer has joined or been removed from a group, there is no information.


This may be a long shot, but does anyone know if there is a way to change the email report so it includes the reason a computer was added to a group?  What I mean to clarify is that my VPN one, for example, looks for anything called "*VPN*" but it would be useful to know which application or extension triggered the group membership so I can get more information.


I could of course remove the script from automatically running to remove the offending software and manually add devices to another group which does run the script after I've seen the inventory....but just seeing if it is possible to get that info in a more streamlined way?

Nope, smart group reporting just tells you if something was added or removed; basically, does the device meet the conditions to be in the group or not. If you need more granular reporting, you need more specific smart groups and possibly more specific extension attributes.


Depending on what information you are needing, you may need to look in to SIEM log redirection.

Nope, smart group reporting just tells you if something was added or removed; basically, does the device meet the conditions to be in the group or not. If you need more granular reporting, you need more specific smart groups and possibly more specific extension attributes.


Depending on what information you are needing, you may need to look in to SIEM log redirection.


I figured but worth asking - don't really want to have to create a smart group for every single app or extension if I can avoid it but.....

You could have your Automatic script leave a breadcrumb list of the Application it removed, and then run an Extension Attribute to report that list.
I have EA's that run not for Smart group membership, but simply for operating information gathering.
In this case, you would get the email saying Mac A ran the script, so you go the record for Mac A and in the EA listing will be the result telling you what was last removed from it.

I figured but worth asking - don't really want to have to create a smart group for every single app or extension if I can avoid it but.....


Ya, reporting can get out of hand fast. Jamf Pro is not really the tool for granular level device reporting like "this application was removed in this way at this time but this person". SIEM reporting would be far better suited for that, Jamf Protect could have analytics written to watch and report on all kinds of events.


 


I will caution about using too many extension attributes. They are scripts that run on every device at every check in, and the more you have and the more they are doing the longer your check-ins will take and the higher chance something will break with check-ins.


 

you can see the details of the removed software in the inventory by going to history and selecting Software and Hardware history, it shows what app is added and removed from the device. but you need to view this information on each device. 

Hello,
It's possible to create a script to retrieve the application history for all workstations through the API.

Reply


Terms & ConditionsCookie settings