Jamf Protect Event Collector

This Integration is part of the JamfProtect Pack.

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.
Use this integration to fetch audit log events, alert events, and computer assets from Jamf Protect into Cortex XSIAM.

Configure Jamf Protect Event Collector in Cortex

Parameter | Description | Required |
---|---|---|
Server URL (e.g., https://example.protect.jamfcloud.com) | REST API Endpoint of Jamf Protect server. | True |
Trust any certificate (not secure) | | False |
Use system proxy settings | | False |
Client ID | The unique identifier for the client application, provided by Jamf when the application is registered. This is used to authenticate the client with the Jamf Protect server. | True |
Password | The password for the client application. This is used to authenticate the client with the Jamf Protect server. | True |
Max alert events per fetch | Maximum number of alert events to fetch at a time. Default is 1000. | False |
Max audit events per fetch | Maximum number of audit events to fetch at a time. Default is 20,000. | False |
Fetch Computer Assets Interval | The fetch interval. It is recommended to set it to 12 hours. The minimum interval is 1 hour. | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

jamf-protect-get-events

Gets events from Jamf Protect.

Base Command

jamf-protect-get-events

Input

Argument Name | Description | Required |
---|---|---|
limit | The number of events to return. Default is 10. | Optional |
start_date | The start date from which to filter events. | Optional |
end_date | The end date to which to filter events. | Optional |
should_push_events | Set this argument to True to create events; otherwise, the command only displays them. Possible values are: true, false. Default is false. | Optional |

Context Output

There is no context output for this command.

jamf-protect-get-computer-assets

Gets computer assets from Jamf Protect.

Base Command

jamf-protect-get-computer-assets

Input

Argument Name | Description | Required |
---|---|---|
limit | The number of computer assets to return. Default is 10. | Optional |

Context Output

There is no context output for this command.