If you send your macOS Security data to an HTTP data endpoint, you can configure data batching. Data batching allows you to send data from computers to an HTTP endpoint in fewer HTTP requests.
Jamf sets default data batching values that are suitable for most environments, but you may need to customize these values if your environment has any of the following conditions:
- Your SIEM solution specifies batching requirements for data sent via HTTP.
- You observe performance issues with the default settings set by Jamf.
- Your environment requires specific batch sizes or delimiters.
- You need to optimize data transmission rates.
Data batching settings are:
| Setting | Description | Default |
|---|---|---|
| Events per batch | The maximum amount of macOS Security event entries in an HTTP request. | 1 |
| Batching window | The maximum time, in seconds, that can occur between when an event occurs and when it is sent. | 0 |
| Event delimiter | A value to use to separate events. | \n |
| Size of batch | The maximum HTTP request size, in bytes (such as 8000). | Not set |
When customizing data batching, keep the following in mind:
- Test and monitor your data collection and endpoint activity carefully.
- When you save changes, any computers that are assigned the action configuration via a plan will automatically receive the data batching updates.
- If you need to reset these values to Jamf's default values, click Reset to default and then re-save the action configuration.
- Consult your SIEM documentation and administrator to help determine the best data batching values for your organization.
- Review and employ other macOS Security features that optimize data collection, such as exception sets.
For more information, see Exception Sets for macOS Security.