Knowledge BasePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Sources & Transports
Data Transports
Supported Logs
1Password Logs
Apache Logs
Asana Logs
Atlassian Logs
AWS Logs
Box Logs
Cisco Umbrella Logs
Cloudflare Logs
CrowdStrike Logs
Dropbox Logs
Duo Security Logs
Fastly Logs
Fluentd Logs
GCP Logs
Github Logs
GitLab Logs
G Suite Logs
JAMF Pro Logs
Juniper Logs
Lacework Logs
Microsoft 365 Logs
Microsoft Graph Logs (Beta)
MongoDB Atlas Logs
Nginx Logs
Okta Logs
OneLogin Logs
Osquery Logs
OSSEC Logs
Salesforce Logs
Sophos Logs
Slack Logs
Snyk Logs
Suricata Logs
Syslog Logs
Teleport Logs
Zeek Logs
Zoom Logs
Zendesk Logs
Custom Logs
Monitoring Log Sources
Writing Detections
Cloud Security Scanning
Alert Destinations
Data Analytics
Enrichment
System Configuration
Guides
Help
Panther Developer Workflows
Panther API
Panther Analysis Tool
Managing Detections via CI/CD
GitHub Actions Onboarding Guide
Panther Config SDK (Beta)
Powered By GitBook
JAMF Pro Logs
Connecting JAMF Pro logs to your Panther Console

Overview

Panther supports ingesting JAMF Pro logs via Amazon Web Services (AWS) S3 as a Data Transport.
Note: A JAMF Premium Cloud add-on is required to connect JAMF Pro logs to Panther.

How to onboard JAMF Pro logs to Panther

To connect these logs into Panther:
  1. 1.
    Set up your Data Transport in the Panther Console.
    • Please follow Panther’s documentation for configuring the Data Transport option via an AWS S3 bucket.
  2. 2.
    Configure JAMF Pro to push logs to the Data Transport source.
    • See JAMF's documentation for instructions on pushing logs to your selected Data Transport source.

Supported log types

Required fields in the schema are listed as "required: true" just below the "name" field.

Jamfpro.Login

Login events into JAMF Pro itself.
fields:
- name: ipAddress
type: string
description: IP Address that started the request
indicators:
- ip
- name: username
required: true
description: Username of the account
indicators:
- username
type: string
- name: status
required: true
type: string
description: The status of the login request
- name: entryPoint
required: true
type: string
description: The method used to login. Either Single Sign On, Universal API or Unknown
- name: timestamp
required: true
type: timestamp
description: Login timestamp
isEventTime: true
timeFormat: '%Y-%m-%dT%H:%M:%S,%f'
Previous
G Suite Logs
Next
Juniper Logs
Last modified 2mo ago
Copy link
On this page
Overview
How to onboard JAMF Pro logs to Panther
Supported log types
Jamfpro.Login