- Jamf Nation Community
- Products
- Jamf Pro
- Re: SmartGroup membership with report of reason
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SmartGroup membership with report of reason
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
15 hours ago
I have a couple of smart groups which detect for the presence of certain Chrome Extensions or VPNs and then if a computer is added to that group it runs a policy script to remove those extensions or applications.
The only issue I have is that apart from knowing a computer has joined or been removed from a group, there is no information.
This may be a long shot, but does anyone know if there is a way to change the email report so it includes the reason a computer was added to a group? What I mean to clarify is that my VPN one, for example, looks for anything called "*VPN*" but it would be useful to know which application or extension triggered the group membership so I can get more information.
I could of course remove the script from automatically running to remove the offending software and manually add devices to another group which does run the script after I've seen the inventory....but just seeing if it is possible to get that info in a more streamlined way?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
15 hours ago
Nope, smart group reporting just tells you if something was added or removed; basically, does the device meet the conditions to be in the group or not. If you need more granular reporting, you need more specific smart groups and possibly more specific extension attributes.
Depending on what information you are needing, you may need to look in to SIEM log redirection.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
15 hours ago
I figured but worth asking - don't really want to have to create a smart group for every single app or extension if I can avoid it but.....
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
14 hours ago
Ya, reporting can get out of hand fast. Jamf Pro is not really the tool for granular level device reporting like "this application was removed in this way at this time but this person". SIEM reporting would be far better suited for that, Jamf Protect could have analytics written to watch and report on all kinds of events.
I will caution about using too many extension attributes. They are scripts that run on every device at every check in, and the more you have and the more they are doing the longer your check-ins will take and the higher chance something will break with check-ins.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
15 hours ago - last edited 15 hours ago
You could have your Automatic script leave a breadcrumb list of the Application it removed, and then run an Extension Attribute to report that list.
I have EA's that run not for Smart group membership, but simply for operating information gathering.
In this case, you would get the email saying Mac A ran the script, so you go the record for Mac A and in the EA listing will be the result telling you what was last removed from it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
42m ago
you can see the details of the removed software in the inventory by going to history and selecting Software and Hardware history, it shows what app is added and removed from the device. but you need to view this information on each device.
