Skip to main content

Jamf Protect Event Collector

This Integration is part of the JamfProtect Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

Use this integration to fetch audit logs events, alerts events and computers assets from Jamf Protect to Cortex XSIAM.

Configure Jamf Protect Event Collector in Cortex#

ParameterDescriptionRequired
Server URL (e.g., https://example.protect.jamfcloud.com)REST API Endpoint of Jamf Protect server.True
Trust any certificate (not secure)False
Use system proxy settingsFalse
Client IDThe unique identifier for the client application, provided by Jamf when the application is registered. This is used to authenticate the client with the Jamf Protect server.True
PasswordThe password for the client application. This is used to authenticate the client with the Jamf Protect server.True
Max alert events per fetchMaximum number of alert events to fetch at a time. Default is 1000False
Max audit events per fetchMaximum number of audit events to fetch at a time. Default is 20,000False
Fetch Computer Assets IntervalThe fetch interval. It is recommended to set it to 12 hours. The minimum interval is 1 hour.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

jamf-protect-get-events#


Gets events from Jamf Protect.

Base Command#

jamf-protect-get-events

Input#

Argument NameDescriptionRequired
limitThe number of events to return. Default is 10.Optional
start_dateThe start date from which to filter events.Optional
end_dateThe end date to which to filter events.Optional
should_push_eventsSet this argument to True in order to create events, otherwise the command will only display them. Possible values are: true, false. Default is false.Optional

Context Output#

There is no context output for this command.

jamf-protect-get-computer-assets#


Gets computer assets from Jamf Protect.

Base Command#

jamf-protect-get-computer-assets

Input#

Argument NameDescriptionRequired
limitThe number of computer assets to return. Default is 10.Optional

Context Output#

There is no context output for this command.