JAMF Pro Logs
Connecting JAMF Pro logs to your Panther Console
To connect these logs into Panther:
- 1.Set up your Data Transport in the Panther Console.
- Please follow Panther’s documentation for configuring the Data Transport option via an AWS S3 bucket.
- 2.Configure JAMF Pro to push logs to the Data Transport source.
- See JAMF's documentation for instructions on pushing logs to your selected Data Transport source.
Required fields in the schema are listed as "required: true" just below the "name" field.
Login events into JAMF Pro itself.
fields:
- name: ipAddress
type: string
description: IP Address that started the request
indicators:
- ip
- name: username
required: true
description: Username of the account
indicators:
- username
type: string
- name: status
required: true
type: string
description: The status of the login request
- name: entryPoint
required: true
type: string
description: The method used to login. Either Single Sign On, Universal API or Unknown
- name: timestamp
required: true
type: timestamp
description: Login timestamp
isEventTime: true
timeFormat: '%Y-%m-%dT%H:%M:%S,%f'
Last modified 6mo ago