Jamf Pro Logs

Connecting Jamf Pro logs to your Panther Console

Overview

Panther supports ingesting Jamf Pro logs via Amazon Web Services (AWS) S3 as a Data Transport.

A Jamf Premium Cloud add-on is required to connect Jamf Pro logs to Panther.

How to onboard Jamf Pro logs to Panther

To connect these logs to Panther:

  1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Select JAMF Pro from the list of available log sources. Click Start Setup.

    • AWS S3 bucket is automatically selected as the Transport Mechanism because it is the only supported Transport Mechanism for this log type.

    • Before proceeding, please follow Panther’s documentation for configuring the Data Transport option via an AWS S3 bucket.

  4. Configure Jamf Pro to push logs to the Data Transport source.

    • See Jamf's documentation for instructions on how to push logs to an S3 bucket that is configured to allow Panther to read from it.

Supported log types

Required fields in the schema are listed as "required: true" just below the "name" field.

Jamfpro.Login

Login events into Jamf Pro itself.

Reference: Jamf Documentation on Event Logs.

fields:
  - name: ipAddress
    type: string
    description: IP Address that started the request
    indicators:
      - ip
  - name: username
    required: true
    description: Username of the account
    indicators:
      - username
    type: string
  - name: status
    required: true
    type: string
    description: The status of the login request
  - name: entryPoint
    required: true
    type: string
    description: The method used to login. Either Single Sign On, Universal API or Unknown
  - name: timestamp
    required: true
    type: timestamp
    description: Login timestamp
    isEventTime: true
    timeFormat: '%Y-%m-%dT%H:%M:%S,%f'
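
The following is an added example, not part of Panther's or Jamf's documentation: a Python check that a decoded event satisfies the Jamfpro.Login schema above (required fields, the timestamp format with a comma before the fractional seconds, and the ip/username indicator fields). The function name, the sample events and their status values, and the treatment of timestamps as UTC are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Required fields and time format copied from the Jamfpro.Login schema above.
REQUIRED = ("username", "status", "entryPoint", "timestamp")
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S,%f"
# Schema fields that carry an indicator type; ipAddress is optional.
INDICATORS = {"ipAddress": "ip", "username": "username"}

# Constructed sample events (not real Jamf Pro output); status values are placeholders.
SAMPLES = [
    {"username": "admin", "status": "Successful", "entryPoint": "Universal API",
     "ipAddress": "192.0.2.10", "timestamp": "2023-09-14T10:22:31,123"},
    {"username": "admin", "status": "Failed", "entryPoint": "Unknown",
     "timestamp": "2023-09-14T10:22:31.123"},  # dot instead of comma
    {"status": "Failed", "entryPoint": "Single Sign On",
     "ipAddress": "192.0.2.11", "timestamp": "2023-09-14T10:23:00,000"},  # no username
]


def check_login_event(event: dict) -> dict:
    """Return schema errors, the parsed event time and the indicator values."""
    errors = [f"missing required field: {name}"
              for name in REQUIRED if event.get(name) in (None, "")]
    errors += [f"field is not a string: {name}"
               for name in (*REQUIRED, "ipAddress")
               if event.get(name) is not None and not isinstance(event[name], str)]
    event_time = None
    raw = event.get("timestamp")
    if isinstance(raw, str) and raw:
        try:
            # Assumption: the timestamp carries no offset and is treated as UTC.
            event_time = datetime.strptime(raw, TIME_FORMAT).replace(tzinfo=timezone.utc)
        except ValueError:
            errors.append(f"timestamp does not match {TIME_FORMAT}: {raw!r}")
    indicators = {kind: event[field] for field, kind in INDICATORS.items()
                  if isinstance(event.get(field), str) and event[field]}
    return {"errors": errors, "event_time": event_time, "indicators": indicators}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_event(sample)["errors"])
```

An event that reports errors here would not match the schema as written, so it is worth running a few exported events through the check before relying on detections that key on username or ipAddress.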
