Posted on 07-29-2024 10:06 AM
I'm trying to determine if this is possible. I know Jamf can keep track of what applications are installed. Is it possible for it to track when an application is installed via a 3rd party app store or cli and not from the official app store or self service app? Maybe via an extension attribute or something. I'm still researching this outside of this post as well. If i do find an answer outside of this forum. I will update this post to include those instructions for anyone that may need it in the future.
Posted on 07-29-2024 10:22 AM
what are you expecting as an output and how would you collate the data?
If you've given people admin rights they need to install apps, they must be trusted? If not, they should not have admin rights.
While I could be possible. Not sure JAMF / EAs are the best method.
Better to provide all the apps people need in Self Service via Apple App Store and JAMF Mac Apps.
as for 'cli' apps, if you mean Homebrew, thats a whole different game..
07-29-2024 10:42 AM - edited 07-29-2024 10:43 AM
Beyond telling if an app came from the App Store or not, there is not a direct way to get the information you are wanting. Unless a developer chose to bake something into the app bundle that tells you where the application came from (which would not be reliable anyway), you would have to dig through OS event logging to know where the source files came from.
TL;DR: To do what you are wanting; you need to redirect macOS event logs to SIEM and write dashboards based on the data. This is not something Jamf Pro is designed to do.