Creating a Jamf Protect Action Configuration for Sumo Logic

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

In the macOS Security portal, use your HTTP log source address from Sumo Logic as data endpoints for each macOS Security data type you want to collect.

Requirements

The HTTP log source URL from your Sumo Logic event collector. For more information, see Creating an HTTP Event Source for macOS Security Data in Sumo Logic.

  1. In Jamf Protect, click Actions.
  2. Click Edit on an existing action configuration or click Create Action to create a new one.
  3. For each macOS Security data type, add a new data endpoint:
    1. In Data Endpoints, click + Add.
    2. Select HTTP.
    3. In URL, enter the previously generated HTTP source address.
    4. From Alerts, select the level of alerts want to collect.
    5. From Logs, select the data types you want to collect.
  4. In Data Endpoints, click + Add.
  5. Select HTTP as your endpoint configuration.
  6. Click Save.

The action configuration is updated and available to add to Jamf Protect plans in the macOS Security portal.