¶ JAMF Protect Log Forwarding Setup
The following page details instructions on how to set up log forwarding of JAMF Protect telemetry (logs) to the Secure-ISS SOC infrastructure.
There are three steps, creating the Telemetry Configuration (which logs to capture) and then to assign these to be collected and forwarded somewhere, the action.
There are inputs required from the Secure-ISS SOC, please be sure to co-ordinate this setup with our Onboarding or Governance teams.
Note that these instructions are for the Cloud console manager. If you are running an on-premises console please reach out to the Secure-ISS SOC or your account manager.
¶ Creating Telemetry Configuration
- In Jamf Protect, click “Telemetry”.
- Click “Create Telemetry”.
- Enter “Secure-ISS SOC(Push)” in the Name field (or another name of your choosing).
- Enter “Secure-ISS SOC notification - HTTPS Push” for the description.
- Select “Apple security” and “Access and authentication” as the two event categories to add to the configuration.
- Click Save.
Now that we have created the telemetry configuration, we will configure the action
¶ Creating an Action Configuration
-
In Jamf Protect, click “Action”.
-
Click Create Action.
-
Enter “Secure-ISS” in the Name field
-
Enter “Secure-ISS SOC notification - HTTPS Push” for the description.
-
In Data Endpoints, click Add
-
Select HTTP from the dropdown menu
-
Click Add
-
Enter the URL provided by Secure-ISS
-
Click Add HTTP Header
-
Enter “Authorization” in the Name Field
-
Enter the Value provided from the Secure-ISS team.
-
In Collect Alerts, check the High, Medium, and Low checkboxes.
-
In Collect Logs, check the “Telemetry” checkbox.
-
Click Save.
Finally, we will need to assign the configuration to the applicable Plan.
¶ Adding to a Plan
To add a telemetry configuration to a plan for deployment, go to the Plans page, create or edit a plan, and then choose the telemetry configuration from the Telemetry pop-up menu.
Once done, Click Save
Once the above has been configured please let the Secure-ISS SOC know and we will confirm receipt of the logs.