CSV Format Validation
| Header Column Name | Accepted Values | Notes |
|---|---|---|
Resource | Any IP, URL, domain or subdomain | The following Resource Sanitization section contains the accepted values and the sanitization that may be performed on entries. |
Action | "Block" or "Allow" | Specify whether a resource should be blocked or allowed by entering the appropriate value. |
Threat category | For the Block action, enter one of the following: "Phishing", "Spam", "Malware Network Traffic", "Cryptojacking", "Third Party App Store Traffic". For the Allow action, leave blank. | This is the threat category under which the resource will be detected. |
Validation errors | N/A | This header column is added if any entries fail validation. This will inform you which entries need to be fixed before you re-upload the CSV file. |
The rows in the CSV file are processed in sequential order. If the values in a higher row are contradicted by those of a lower row, the lower row takes precedence. For example, if domain www.example.com is listed as blocked in row 4 of the CSV file, but allowed in row 22, then the domain will be allowed.
Resource Sanitization
Jamf automatically sanitizes uploaded entries to make them compatible for use in Custom Threat Intelligence. The following will be removed from a network resource entry if they are unnecessary or invalid:
URI schemes
Ports
URI query part and anchors
Trailing dots in the root domain
Leading "www" subdomains
See the following table for examples of sanitized entries:
| Example Uploaded Resource | Sanitized |
|---|---|
example.com/ | example.com |
www.example.com | example.com |
http://sub1.example.com:8080/ | sub1.example.com |
http://sub1.sub2.example.com/path?param=value#anchor | sub1.sub2.example.com/path |
172.255.123.58 | 172.255.123.58 |
2001:0db8:85a3:0000:0000:8a2e:0370:7334 | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 |
https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/ | 2001:db8:85a3:8d3:1319:8a2e:370:7348 |
Sanitization may result in similar resources being grouped together and the total number of entries in the uploaded CSV file might not be equal to the total number of entries shown in Jamf Security Cloud.
Punycode domains are currently not supported in Custom Threat Intelligence. If you require support for them, contact Jamf Support.