Jamf Protect Remediations and smart groups

panirwane
New Contributor

Hi everyone

i'm trying to understand the best way to configure Jamf Protect with our jamf instance. I set up a smart group in jamf to alert users about security issues and that works fine.

Unfortunately the jamf protect documentation is a bit incomplete imho.

 

  1. What are the next steps i need to follow? Any suggestion or guide to suggest?

  2. Do i need to manually remove the mac from the smart group?

  3. Jamf Protect has some removing capabilities or i need to clean the mac manually?

1 REPLY 1

BrendonP
New Contributor II
New Contributor II

@panirwane Does this Jamf documentation have the information you're looking for?
https://docs.jamf.com/jamf-protect/documentation/Setting_Up_Analytic_Remediation_With_Jamf_Pro.html

For question 1, the next step after setting up smart groups in Jamf Pro is to map one or more analytics to the extension attribute value used for the smart group membership calculations.

For questions 2-3, Jamf Protect writes the extension attribute identifier (for Jamf Pro to collect as inventory) and does not automatically remove it. When an analytic detection is remediated, the extension attribute identifiers must be manually removed from Application Support on the Mac, at which point the computer is removed from the smart group during the next calculation.

Hope this info helps! If there is additional information or answers that you expect to see in this documentation, we'd be glad to take in that feedback.

Brendon | Jamf