Is there an easy documentation for building customized analytics?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-14-2022 02:27 AM
Hello all,
I am looking for a workshop or tutorial guide on creating own Analytics. For example, I would like to create an analytic that identifies the download of certain files by their names.
Are there any materials for this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-14-2022 03:38 AM
A good place where to start could be looking at some of the built-in Analytics that use the GPDownloadEvent Sensor, for example SuspiciousFileDownload or FlashDownloadNotSignedByAdobe.
There is also an example in this post
Files Downloaded from the Internet
Sensor Type: GPDownloadEvent
true == true
The GPDownloadEvent provides visibility into any file that gets downloaded on the system using Apple’s APIs.
For general reference on Custom Analytic and how-to: https://github.com/jamf/jamfprotect/tree/main/custom_analytic_detections
