Posted on 09-07-2021 01:03 PM
Greetings. I need to be able to ingest Security related log data from JAMF Pro api. Does anyone have suggestions on the API endpoints that I should focus on?
Thanks
Frank
Posted on 09-07-2021 01:45 PM
If you are on Jamf Cloud you have to pay for Premium Cloud (+$20k/year) in order to get complete log forwarding to a SIEM.
If you are on-prem it's free by just installing a connector on the server.
The API won't give you enough information to generate proper security events.
Posted on 09-08-2021 04:53 AM
What if we have Jamf PRO?
Posted on 09-08-2021 02:44 PM
Jamf Pro can be hosted either in Jamf Cloud or on premises. As @afarnsworth mentions, if your Jamf Pro is hosted on Jamf servers you have to go with a Premium subscription. If your Jamf Pro is hosted on your own servers, just install your SIEM connector to forward the logs you need.
We rely on DataDogHQ as our SIEM and we use a mix of agent and Jamf Pro APIs to log the events we need. For example we use the use the Jamf Pro API to collect all compliance information we can get from the device inventory, then we use the agent to collect information on events like change management, access log and Jamf Pro log.
Posted on 09-23-2021 04:19 AM
Hi I have a requirement to send below logs to SIEM solution LogRhythm. Can you help me how to do it? Logrhythm agent wont support on Mac.
Posted on 09-09-2021 04:23 AM
Thanks for the info!
Posted on 09-22-2021 06:39 PM
We don't use premium jamf cloud and we ingest data into our data cloud platform. We do this a few ways, we have an API collector that runs every so many hours and does an async pull of all device records. Then we also ingest many different webhooks for event data.
Posted on 12-10-2021 08:33 PM
@tlarkin Any chance you could provide a few details on your implementation for this?
Thanks in advance!
Posted on 10-24-2024 07:45 AM
I know this is an old thread, but if you see this, can you come back here and share anything with us? Thanks!
Posted on 12-20-2022 09:44 AM
@tlarkin This would be helpful to our org as well if you're able to provide some more info.