JAMF Pro Logs
Connecting JAMF Pro logs to your Panther Console

Overview

Panther supports ingesting JAMF Pro logs via Amazon Web Services (AWS) S3 as a Data Transport.
Note: A JAMF Premium Cloud add-on is required to connect JAMF Pro logs to Panther.

How to onboard JAMF Pro logs to Panther

To connect these logs into Panther:
  1. 1.
    Set up your Data Transport in the Panther Console.
    • Please follow Panther’s documentation for configuring the Data Transport option via an AWS S3 bucket.
  2. 2.
    Configure JAMF Pro to push logs to the Data Transport source.
    • See JAMF's documentation for instructions on pushing logs to your selected Data Transport source.

Supported log types

Required fields in the schema are listed as "required: true" just below the "name" field.

Jamfpro.Login

Login events into JAMF Pro itself.
fields:
- name: ipAddress
type: string
description: IP Address that started the request
indicators:
- ip
- name: username
required: true
description: Username of the account
indicators:
- username
type: string
- name: status
required: true
type: string
description: The status of the login request
- name: entryPoint
required: true
type: string
description: The method used to login. Either Single Sign On, Universal API or Unknown
- name: timestamp
required: true
type: timestamp
description: Login timestamp
isEventTime: true
timeFormat: '%Y-%m-%dT%H:%M:%S,%f'
Copy link
On this page
Overview
How to onboard JAMF Pro logs to Panther
Supported log types
Jamfpro.Login