Jamf Pro Logs

Overview

Panther supports ingesting Jamf Pro logs via Amazon Web Services (AWS) S3 as a .

How to onboard Jamf Pro logs to Panther

To connect these logs into Panther:

1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

2. Click Create New.

3. Select JAMF Pro from the list of available log sources. Click Start Setup.

   • AWS S3 bucket is automatically selected as the Transport Mechanism because it is the only supported Transport Mechanism for this log type.

   • Before proceeding, please follow Panther’s documentation for configuring the Data Transport option via an .

4. Configure JAMF Pro to push logs to the Data Transport source.

   • See for instructions on how to push logs to a S3 bucket that's configured to allow Panther to read from.

Supported log types

Jamfpro.Login

Login events into Jamf Pro itself.

fields:
  - name: ipAddress
    type: string
    description: IP Address that started the request
    indicators:
      - ip
  - name: username
    required: true
    description: Username of the account
    indicators:
      - username
    type: string
  - name: status
    required: true
    type: string
    description: The status of the login request
  - name: entryPoint
    required: true
    type: string
    description: The method used to login. Either Single Sign On, Universal API or Unknown
  - name: timestamp
    required: true
    type: timestamp
    description: Login timestamp
    isEventTime: true
    timeFormat: '%Y-%m-%dT%H:%M:%S,%f'