We are in the early stages of deploying Jamf Protect at our organization and my question is around analytics and remediation steps. I know you can configure Jamf Protect to update analytic actions to add to Jamf Pro Smart Computer Groups.
Should the process be creating a smart computer group aligned with each individual analytic? There's not a ton of documentation around remediation steps so I was curious to see what everyone else was doing to handle this?
There are a couple of options;
- Per Analytic you want to do a remediation with Jamf Pro you can define a custom value which will be set in the Computers record -> Extension Attribute and create a specific workflow for this type of alert/analytic.
- For more common Analytics you want to do a remediation with Jamf Pro you can set a value like "Medium_Severity_Alert" for all those Analytics you want to do the same workflow with Protect and Pro.
The Jamf Protect documentation has been updated recently, see the first section for a similar workflow.
Hopefully this does make sense!