Jamf Pro Logs

Connecting Jamf Pro logs to your Panther Console

Overview
Panther supports ingesting Jamf Pro logs via Amazon Web Services (AWS) S3 as a Data Transport.
Note: A Jamf Premium Cloud add-on is required to connect Jamf Pro logs to Panther.
How to onboard Jamf Pro logs to Panther
To connect these logs into Panther:
1.Log in to the Panther Console.
2.In the left sidebar, click Configure > Log Sources.
3.Click Create New.
4.Search for the log type you want to onboard, then click its tile.
5.Select the data transport method you wish to use for this integration, then follow Panther's instructions for configuring the method:
6.Set up your Data Transport in the Panther Console.
Please follow Panther’s documentation for configuring the Data Transport option via an AWS S3 bucket.
7.Configure Jamf Pro to push logs to the Data Transport source.
See Jamf's documentation for instructions on how to push logs to a S3 bucket that's configured to allow Panther to read from. 
Supported log types
Required fields in the schema are listed as "required: true"  just below the "name" field.
Jamfpro.Login
Login events into Jamf Pro itself.
Reference: Jamf Documentation on Event Logs.
fields:
  - name: ipAddress
    type: string
    description: IP Address that started the request
    indicators:
      - ip
  - name: username
    required: true
    description: Username of the account
    indicators:
      - username
    type: string
  - name: status
    required: true
    type: string
    description: The status of the login request
  - name: entryPoint
    required: true
    type: string
    description: The method used to login. Either Single Sign On, Universal API or Unknown
  - name: timestamp
    required: true
    type: timestamp
    description: Login timestamp
    isEventTime: true
    timeFormat: '%Y-%m-%dT%H:%M:%S,%f'

Google Workspace Logs

Juniper Logs

Last modified 4d ago