SIEM & XDR Integration
  • 23 Sep 2022

Many mid-to-large organizations employ a SIEM and/or XDR in order to correlate digital events and activity generated across as many endpoints as possible. The more data, the better the chance of being able to identify patterns that could indicate an ongoing attack. This is loosely known as threat hunting.

Thanks to the nature of Jamf's agent and cloud-based security products, these products are privy to a rich set of data that includes both on-device and in-network signals. This data is available regardless of the device's physical location or network usage.

Security Events

Jamf security products generate security events when activity is detected that violates a threat policy or analytic. These events may be streamed to a listening SIEM/XDR service for ingestion and analysis.

Depending upon deployment, these data streams will contain for

Network Activity

Jamf can forward a raw feed of all DNS or HTTP-based network activity (based upon deployment) generated by corporate-managed or BYO devices (work/managed apps only) to a third-party data repository.

This data stream is extremely valuable to organizations for building out the sequence of events on the network, across a large number of devices, that may have led to an attack. It can also be used to detect and signal Shadow IT usage across the organization.

  • Jamf Network Traffic Stream
    • Network activity for all platforms with DNS or HTTP Proxy vectoring deployed.
    • Note: Private Access activity is not currently supported.
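As an added illustration of the Shadow IT use case described above (example code written for this article, not Jamf's own), the following consumes a DNS activity stream that has been forwarded to a data repository and flags unsanctioned domains queried by several distinct devices. The record fields (`ts`, `device_id`, `query`), the sanctioned-domain list and the sample records are constructed assumptions, not Jamf's documented stream schema.

```python
"""Shadow IT triage over a forwarded DNS activity stream (constructed sample data)."""
import json
from collections import defaultdict

# Constructed sample records. The field names (ts, device_id, query) are an
# assumption for illustration; they are not Jamf's documented stream schema.
SAMPLE_STREAM = "\n".join(json.dumps(r) for r in [
    {"ts": "2022-09-23T09:00:01Z", "device_id": "mac-01", "query": "login.microsoftonline.com"},
    {"ts": "2022-09-23T09:00:05Z", "device_id": "mac-01", "query": "drive.unsanctioned-share.example"},
    {"ts": "2022-09-23T09:01:10Z", "device_id": "mac-02", "query": "drive.unsanctioned-share.example"},
    {"ts": "2022-09-23T09:02:44Z", "device_id": "iphone-07", "query": "api.unsanctioned-share.example"},
    {"ts": "2022-09-23T09:03:00Z", "device_id": "mac-03", "query": "slack.com"},
    {"ts": "2022-09-23T09:03:30Z", "device_id": "mac-03", "query": "one-off.example"},
])

# Registrable domains the organization has sanctioned (assumed list, for illustration).
SANCTIONED = {"microsoftonline.com", "slack.com"}


def registrable_domain(fqdn: str) -> str:
    """Collapse a hostname to its last two labels. This is a simplification:
    a public suffix list is needed to handle names such as example.co.uk."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shadow_it_candidates(stream: str, min_devices: int = 2) -> dict:
    """Return {domain: sorted device ids} for unsanctioned domains that were
    queried by at least `min_devices` distinct devices. Lines that are not
    JSON or lack the expected fields are skipped rather than aborting triage."""
    devices_by_domain = defaultdict(set)
    for line in stream.splitlines():
        try:
            rec = json.loads(line)
            domain = registrable_domain(rec["query"])
            device = rec["device_id"]
        except (ValueError, KeyError, TypeError):
            continue  # record does not fit the assumed schema
        if domain in SANCTIONED:
            continue
        devices_by_domain[domain].add(device)
    return {d: sorted(v) for d, v in devices_by_domain.items() if len(v) >= min_devices}


if __name__ == "__main__":
    for domain, devices in shadow_it_candidates(SAMPLE_STREAM).items():
        print(f"{domain}: {len(devices)} devices -> {', '.join(devices)}")
```

Single-device hits are suppressed by default so that one user's stray lookup does not raise a Shadow IT signal; lower `min_devices` when investigating a specific device.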
