JAMF parsers overview

This document lists the Jamf parsers that normalize Jamf product logs into Google Security Operations Unified Data Model (UDM) fields. It provides a high-level overview of each Jamf product and its use case.

Configure ingestion of Jamf logs

To ingest Jamf logs into Google SecOps, click the corresponding ingestion mechanism link in the table and follow the instructions provided with each parser.

Jamf products and description

The following table lists the Jamf parsers that Google SecOps supports, along with the ingestion label and product description for each parser. Click the ingestion mechanism link provided with each parser to view the detailed ingestion steps. To view the mapping reference documentation for a parser, click the corresponding parser name in the table.

| Product Name | Ingestion label | Product Description |
| --- | --- | --- |
| Jamf Protect | JAMF_PROTECT | Jamf Protect is an endpoint security solution designed to protect macOS devices by preventing malware, detecting and responding to threats, and maintaining device compliance. It provides deep visibility into on-device activities, security analytics, and real-time threat alerts. This helps in safeguarding devices against macOS-specific threats, ensures devices meet security baselines, and enables security teams to hunt for and remediate suspicious activities. (Jamf Protect Ingestion Mechanism) |
| Jamf Telemetry | JAMF_TELEMETRY | Jamf Protect Telemetry encompasses a broad range of data collected from Jamf-managed macOS devices, including device health, inventory details, application usage, system logs, and security status. This data provides administrators and security teams with insights into the state of the macOS fleet, supporting device management, operational monitoring, compliance reporting, and trend analysis. (Jamf Protect Telemetry Ingestion Mechanism) |
| Jamf Protect Telemetry V2 | JAMF_TELEMETRY_V2 | Jamf Protect Telemetry V2 represents an evolved data stream from Jamf-managed macOS devices, offering enhanced data points, improved data structures, or more efficient collection methods compared to the original telemetry feed. This version aims to provide more granular insights, better performance, and potentially new categories of information for more comprehensive monitoring, analysis, and security oversight of the macOS fleet. (Jamf Protect Telemetry V2 Ingestion Mechanism) |
| Jamf Threat Events | JAMF_THREAT_EVENTS | Jamf Threat Events are specific security-focused logs generated by Jamf Protect. These logs detail detected threats and suspicious activities on macOS endpoints, such as malware detections, blocked executions, anomalous behaviors, and security policy violations. This data is crucial for security operations to identify, investigate, and respond to security incidents, understand threat landscapes, and refine security policies. (Jamf Threat Events Ingestion Mechanism) |
