Creating a Telemetry Configuration

Jamf Protect Documentation

You can create telemetry configurations to control which host device activity Jamf Protect monitors and reports as telemetry data.

Note:

This topic describes configuring the latest version of telemetry, which uses the macOS Endpoint Security API for system event monitoring. Jamf recommends the latest version of telemetry for most users.

Network telemetry will be added at a later date. If you need network information, create a deprecated telemetry configuration. See (Deprecated) Creating a Telemetry Configuration for more information.

For information about migrating from deprecated telemetry to the latest version, see Migrating from Jamf Protect's Deprecated Telemetry.

  1. In Jamf Protect, click Telemetry.
  2. Click Create Telemetry.
  3. Enter a name for the telemetry configuration in the Name field.
  4. (Optional) Enter a description.
  5. Select the event categories to include in the configuration.

    For information about the different logging categories, see Telemetry Event Categories.

  6. (Optional) Select File hashes to enable computation and reporting of file hashes for process executable files in telemetry events. File hashes provide additional information for security investigations and for tracking unique executables present in your environment.
  7. (Optional) In the Simple log file collection field, add additional file paths to log files that you want to collect from computers.

    You can add multiple log files. When telemetry is first enabled, Jamf Protect collects all specified log files and then continuously streams any new lines in the log file to your SIEM every minute.

  8. Click Save.

The telemetry configuration is available for deployment via a Jamf Protect plan.

To add a telemetry configuration to a plan for deployment, go to the Plans page, create or edit a plan, and then choose the telemetry configuration from the Telemetry pop-up menu.

To configure where telemetry data on computers is collected, configure an action configuration. For more information, see Actions.