Supported OS
Overview Jamf Protect is a comprehensive security solution designed specifically for Apple endpoints, including macOS, iOS and iPadOS endpoints and other supported platforms. Jamf Protect enhances Apple’s built-in security features and provides real-time detection of malicious applications, scripts, and user activities.
Jamf Protect not only detects known malware, adware, but also prevents unknown threats and blocks command and control traffic and risky domains. Furthermore, it provides granular insights into endpoint activity, ensuring endpoint health and compliance, and supports incident response with automated workflows. This integration will collect logs from Jamf Protect events which can be analyzed using Datadog. This integration monitors Jamf Protect logs for both macOS Security and Jamf Security Cloud.
Setup Installation Navigate to the Integrations page and search for the “Jamf Protect” tile.
Determine your Datadog Intake URL Using the Datadog API Logs documentation , determine what your intake URL is by selecting your Datadog Site on the top right corner.
macOS Security Portal Click Actions .
Click Create Actions .
Name: Datadog.
Click Remote Alert Collection Endpoints .
a. URL: https://${DATADOG_INTAKE_URL}/api/v2/logs?ddsource=jamfprotect&service=alerts
b. Set Min Severity & Max Severity:
c. Click + Add HTTP Header .
i. Name: DD-API-KEY
ii. Value: <API_Key>
d. Click + Add HTTP Header .
i. Name: DD-APPLICATION-KEY
ii. Value: <APPLICATION_KEY>
Click + Unified Logs Collection Endpoints .
a. URL: https://${DATADOG_INTAKE_URL}/api/v2/logs?ddsource=jamfprotect&service=unifiedlogs
b. Click + Add HTTP Header .
i. Name: DD-API-KEY
ii. Value: <API_Key>
c. Click + Add HTTP Header .
i. Name: DD-APPLICATION-KEY
ii. Value: <APPLICATION_KEY>
Click + Telemetry Collection Endpoints .
a. URL: https://${DATADOG_INTAKE_URL}/api/v2/logs?ddsource=jamfprotect&service=telemetry
b. Click + Add HTTP Header .
i. Name: DD-API-KEY
ii. Value: <API_Key>
c. Click + Add HTTP Header .
i. Name: DD-APPLICATION-KEY
ii. Value: <APPLICATION_KEY>
Click Save .
Jamf Security Cloud Click Integrations in the Threat Events Stream.
Click Data Streams .
Click New Configuration .
Select Threat Events .
a. Select Generic HTTP .
Click Continue .
a. Configuration Name: Datadog (Threat)
b. Protocol: HTTPS
c. Server Hostname/IP: ${DATADOG_INTAKE_URL}
d. Port: 443
e. Endpoint: api/v2/logs?ddsource=jamfprotect&service=threatevents
f. Additional Headers:
i. Header Name: DD-API-KEY
Click Create option “DD-API-KEY” .
i. **Header Value:** <API_Key>
ii. **Header Name**: DD-APPLICATION-KEY
Click Create option “DD-APPLICATION-KEY” .
iii. **Header Value:** <APPLICATION_KEY>
Click Test Configuration .
If successful, click Create Configuration .
Network Traffic Stream Click Integrations .
Click Data Streams .
Click New Configuration .
Select Threat Events .
a. Select Generic HTTP .
Click Continue .
a. Configuration Name: Datadog (Threat)
b. Protocol: HTTPS
c. Server Hostname/IP: ${DATADOG_INTAKE_URL}
d. Port: 443
e. Endpoint: api/v2/logs?ddsource=jamfprotect&service=networktraffic
Additional Headers:
i. Header Name: DD-API-KEY
Click Create option “DD-API-KEY” . ii. Header Value: <API_Key>
i. Header Name: DD-APPLICATION-KEY
iv. Click Create option “DD-APPLICATION-KEY” .
i. Header Value: <APPLICATION_KEY>
Click Test Configuration .
If successful, click Create Configuration .
Validation Navigate to the Logs Explorer and search for source:jamfprotect
to validate you are receiving logs.
Data Collected Logs The Jamf Protect integration allows you to send Jamf Audit Logs to Datadog.
Metrics Jamf Protect does not include any metrics.
Service Checks Jamf Protect does not include any service checks.
Events Jamf Protect does not include any events.
Troubleshooting Need help? Contact Datadog support .