JIM Monitoring and Logging with QRADAR or other SIEMs

zbrooks
New Contributor II

Hi everyone, we currently have the JIM configured for an LDAP Proxy in our JAMF Cloud environment and I was wondering if anyone has set up any sort of SIEM system with JIM for monitoring any LDAP activity. Looking for QRADAR specifically, but any insight will do honestly.

Our Incident Response team is looking to monitor activity on our LDAP Proxy servers (we have two, for two domains: Windows 2016 and 2019) but I can't seem to find any decent logs to monitor on them that have any substance. The jamf-im.log looks to only have check-in entries, unfortunately, and being in the Cloud doesn't give us the ability to view the Access logs like our On-Prem server did, not yet anyway!

Thank you!
