A Jamf Protect analytic is a rule that detects suspicious user behavior and malicious system activity on macOS computers. Jamf Protect includes over 150 Jamf-managed analytics for you to deploy in your environment. Additionally, you can create custom analytics to detect activity specific to your security needs.
When an analytic detects a threat, you receive an alert directly in the Jamf Protect web app, if data is sent to the Jamf Protect Cloud, or to any configured remote collection endpoint. Information security administrators can then analyze and remediate the threat.
Analytics are organized and managed in the Jamf Protect web app in two ways:
- Categories
-
Categories help you classify, sort, and view analytics within the web app. Jamf Protect includes default categories for Jamf-managed analytics, but you can also create new categories for custom analytics.
- Analytic sets
-
Analytic sets are groups of analytics that you can add to one or more plans for deployment. You can continuously edit and create analytic sets to granularly control what threats are monitored on computers in your environment.
To deploy analytics to computers, you must add individual analytics to one or more analytic sets, and then add each analytic set to one or more plans.