Deploying Palo Alto Traps sensors for deployment in Jamf

jgarland
New Contributor III

Hi All -
This is my first post but I felt it was worth it. I was having issues finding all the pieces needed to install the Traps sensors via Jamf. Here is what I used and it worked:

Installing Traps inside Jamf Pro
Summary: This is an automatic installation inside Jamf with removal of the package files after installation.

Prerequisites - Traps for Mac Installer from console. Usually comes in a ZIP file.
- Custom XML file provided by Traps Administrator with organization server addresses in xml format
Be sure to add your organization server address to the xml format

Here is the location where Palo Alto Traps installs:
Macintosh HD - Library - Application Support-PaloAltoNetworks - Traps

Process #1
1. Place Traps installer, .version, xml file in a folder named Traps_macOS_installer and move folder to a temporary location on your computer. I usually use /tmp (/private/tmp). This way it will be removed at next restart.
2. Open Composer.
3. Create a new package by dragging and dropping the Traps folder located in your temporary location into composer.
4. Build as PKG file since you have setup.

NOTE: As long as you keep the Traps_macOS_installer consistant and all the file names are the same then you will just need to update the .version file and traps.pkg file and recomplie.

Now that the sensor has been packaged - onto process #2

With the implementation of stronger security on the MacOS Environment, anything using MacOS Ver. 10.13 and above will need the following configuration profile applied.

Process #2
1. Log into your Jamf Pro Environment and go to Computer Tab - Configuration Profiles.
2. Create new
3. Under General - Name your config - and insert a description - I used KEXT approval.
4. On the left hand side of dashboard, go down to Approved Kernal Extensions and enter the display name and team ID for palo alto (always verify correct settings from Palo Alto for Team ID.
5. Enter the TEAM ID

  1. Enter the scope
  2. Hit Save

Process #3
1.Go to the Gear and under computer management find scripts
2. Click - add new
3. Name the script
4. Enter the below script to get the script to run.

!/bin/sh

postinstall

wait 10
/usr/sbin/installer -allowUntrusted -pkg /private/tmp/Traps_macOS_installer/Traps.pkg -target /
exit 0

  1. Click Save

Process #4
1. Create a new policy.
2. Under general give it a name - select recurring check in and Once per computer.
3. Under Packages - select your package that you created - ie Traps_MacOS_installer.pkg
4. Under Scripts - select the script you created in Process #3
Set the Priority to AFTER
5. Under Restart Options - select restart if package or update requires it
5. Under Maintenance - click on Update Inventory.
5. Hit SAVE - to save your Policy
NOTE: We have not applied a scope at this point.

Process #5
1. Go to Smart Computer Groups and select NEW 2. For a display name use Traps Auto Install
3. Under Criteria - select advanced - go to profile identifier.
4. Enter the Configuration Profile Identifyer.
5. Click Save

How to find the Configuration Profile Identifier inside Jamf.
1. Apply the Configuration Profile that you created in Process#2 to one machine.
2. Log into Jamf Production and find the machine that you deployed 3. Under Profiles, look for the name of the configuration profile you created in process#2.
4. Copy the Config ID and add/insert that Identifier number to your SMART Computer Group.

0 REPLIES 0