I am looking for a workshop or tutorial guide on creating my own Analytics. For example, I would like to create an analytic that identifies the download of certain files by their names.
Are there any materials for this?
A good place to start could be looking at some of the built-in Analytics that use the GPDownloadEvent Sensor, for example SuspiciousFileDownload or FlashDownloadNotSignedByAdobe.
There is also an example in this post:
Files Downloaded from the Internet
Sensor Type: GPDownloadEvent
true == true
The GPDownloadEvent provides visibility into any file that gets downloaded on the system using Apple’s APIs.
For general reference on Custom Analytics and how-to: https://github.com/jamf/jamfprotect/tree/main/custom_analytic_detections