Posted on 09-06-2023 04:26 PM
Hi.
We need to have Jamf Pro send its logs etc. to our SIEM (SumoLogic).
We are currently on Jamf Pro Standard, and it seems like this isn't available for it.
It does seem that having Jamf Protect can send events to a SIEM though (https://learn.jamf.com/bundle/jamf-protect-documentation/page/SIEM_Integrations.html). But would getting Jamf Protect also include sending events/logs from Jamf Pro too?
Our other possible solution is upgrading from Jamf Pro Standard to Jamf Pro Premium, which would allow us to stream the logs/events to an S3 bucket, where SumoLogic can ingest them from there (https://learn.jamf.com/bundle/jamf-security-documentation/page/Configuring_the_Threat_Events_Stream_...)
Just curious if anyone else (surely) has their logs/events streamed into a SIEM, and which product they used to do it with (e.g. Jamf Premium Pro or Jamf Protect).
Thanks
Posted on 09-06-2023 09:30 PM
Well, that's one of the reasons we host our customers' Jamf Pro servers on-prem (we are an MSP, btw). We collect and forward Jamf Pro access logs, change management logs and Jamf Pro server logs to DataDog, we curate them there and then forward to our customer's SIEM. As for Jamf Protect, we are forwarding alerts, telemetry and unified logging to Microsoft Sentinel, then we forward to customer SIEM.
Posted on 09-18-2023 09:51 PM
Ah, see, I thought that Jamf Protect, along with being a separate product, also then allowed streaming logs from Jamf Pro into a SIEM. And without it, you couldn't.