Customer-Owned AWS S3

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

Jamf Security Cloud can stream events to a customer-owned AWS S3 data stream, so you can share the events with your SIEM service. Only new events are exported once the stream is enabled. You cannot export historical events.

Requirements

  • An Amazon S3 bucket to store your Jamf Security Cloud data

  • An identity access management (IAM) role with permission to upload Jamf Protect data to an Amazon S3 bucket and Jamf's AWS account listed as a trusted entity
    Note:

    You can download the Jamf-provided AWS CloudFormation template to create a new S3 bucket and the IAM role for Jamf Security Cloud here: JamfDataCloudFormation.prod.yaml

  1. In Jamf Security Cloud, navigate to Integrations > Data Streams.
  2. Click New configuration.
  3. Select a data stream type.

    For more information about data stream types, see Jamf Security Cloud Data Stream Types and Targets.

  4. Select Customer-owned AWS S3 as your data stream target type, and then click Continue.
  5. Configure your Amazon S3 bucket:
    1. Enter the Amazon S3 bucket name,
    2. Enter the IAM role assumed by Jamf.
    3. Enter the Region for your S3 bucket.
  6. Click Create configuration.
  7. (Optional) In Advanced settings, select JSON or CEF as the message format.

    JSON is used by default.

  8. Use the Enable configuration switch to turn on the data stream.
  9. Click Save.

Events for the data stream type are sent to the configured server in real time.