Jamf Pro Logs
Connecting Jamf Pro logs to your Panther Console
To connect these logs into Panther:
1. Log in to the Panther Console.
2. In the left sidebar, click Configure > Log Sources.
3. Click Create New.
4. Search for the log type you want to onboard, then click its tile.
5. Select the data transport method you wish to use for this integration, then follow Panther's instructions for configuring the method.
6. Set up your Data Transport in the Panther Console.
   - Follow Panther's documentation for configuring the Data Transport option via an AWS S3 bucket.
7. Configure Jamf Pro to push logs to the Data Transport source.
   - See Jamf's documentation for instructions on how to push logs to an S3 bucket that Panther is configured to read from.
Required fields in the schema are listed as "required: true" just below the "name" field.
This schema covers login events into Jamf Pro itself.
```yaml
fields:
  - name: ipAddress
    type: string
    description: IP Address that started the request
    indicators:
      - ip
  - name: username
    required: true
    description: Username of the account
    indicators:
      - username
    type: string
  - name: status
    required: true
    type: string
    description: The status of the login request
  - name: entryPoint
    required: true
    type: string
    description: The method used to login. Either Single Sign On, Universal API or Unknown
  - name: timestamp
    required: true
    type: timestamp
    description: Login timestamp
    isEventTime: true
    timeFormat: '%Y-%m-%dT%H:%M:%S,%f'
```
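To check events before they are pushed to the bucket, the following added example (not Panther's or Jamf's code) applies the schema above to a raw event in Python: it enforces the required fields, parses the comma-separated fractional seconds in the timestamp, and collects the `ip` and `username` indicators. The function name `normalize_login`, the sample events, and the status strings are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Required fields and the time format are copied from the schema above.
REQUIRED = ("username", "status", "entryPoint", "timestamp")
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S,%f"

# Constructed sample events; the status strings are placeholders, not Jamf values.
SAMPLE_EVENTS = [
    {"ipAddress": "192.0.2.10", "username": "jdoe", "status": "EXAMPLE_OK",
     "entryPoint": "Single Sign On", "timestamp": "2024-01-15T09:30:12,345"},
    {"username": "svc-api", "status": "EXAMPLE_FAIL",
     "entryPoint": "Universal API", "timestamp": "2024-01-15T09:31:00,001"},
    {"username": "jdoe", "entryPoint": "Unknown",
     "timestamp": "2024-01-15T09:32:00,000"},            # status missing
    {"username": "jdoe", "status": "EXAMPLE_OK", "entryPoint": "Unknown",
     "timestamp": "2024-01-15T09:32:00.000"},            # dot instead of comma
]


def normalize_login(event: dict) -> dict:
    """Validate one login event against the schema and return parsed fields.

    Raises ValueError on a missing required field or an unparseable value.
    """
    missing = [name for name in REQUIRED if not event.get(name)]
    if missing:
        raise ValueError(f"missing required field(s): {', '.join(missing)}")

    # Fractional seconds follow a comma. The format carries no UTC offset,
    # so the parsed datetime is naive.
    event_time = datetime.strptime(event["timestamp"], TIME_FORMAT)

    indicators = {"username": [event["username"]]}
    ip = event.get("ipAddress")
    if ip:
        # ipAddress is optional in the schema; validate it only when present.
        indicators["ip"] = [str(ipaddress.ip_address(ip))]

    return {**event, "event_time": event_time, "indicators": indicators}


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        try:
            parsed = normalize_login(raw)
            print("ok  ", parsed["event_time"].isoformat(), parsed["indicators"])
        except ValueError as err:
            print("drop", err)
```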