You can configure computers with Jamf Protect to report as much or as little security data as you need, and only to the locations that meet your organization's compliance standards.
Data from the Jamf Protect app can be collected and stored using these configuration options:
Action configurations
Action configurations send data from a computer directly to an endpoint. Data endpoints you can send data to with action configurations include:
Jamf Protect Cloud — Collects and stores data in the Jamf Protect Cloud. Alert data is visible directly in the macOS Security portal. To view telemetry and unified log data stored in the Jamf Protect Cloud, you must set up data forwarding.
HTTP — Sends data from macOS computers to an available HTTP endpoint URL from a SIEM solution.
Log file — Writes all data to a log file at a specified location on computers. Only one log file endpoint is allowed per action configuration.
Syslog — Sends data to a Syslog server. Syslog is a standardized protocol in which messages from various systems are consolidated on a centralized server for distribution. Messages are typically used for system management, monitoring, and security auditing. Syslog messages can use a variety of log message syntaxes, but they are usually formatted with a basic structure such as a header, a message severity level, message text, and a timestamp. Syslog transport protocols can use encryption.
Kafka — Sends data to a Kafka server. Kafka is a distributed streaming platform that uses a subscriber model to listen to specific data topics from a centralized cluster. Kafka messages consist of standardized logs and can also be encoded using formats such as JSON and Avro. Messages are designed for real-time processing. Kafka provides additional durability with configurable data retention and redundancies within the cluster for persisted data. Kafka can use data encryption with X.509 certificates.
For more information about action configurations, see Actions.
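The Syslog entry above describes messages built from a header, a severity level, message text, and a timestamp. The following parser is an added example, not Jamf code, showing how a receiving server can split such a line and reject malformed input. It assumes the RFC 5424 layout (the page does not say which Syslog format is sent) and that the message text may carry JSON; the sample line, host name, and app name are constructed.

```python
import json
import re
from datetime import datetime

# RFC 5424 severity names, indexed by the numeric severity (PRI % 8).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)


def parse_syslog(line: str) -> dict:
    """Split one RFC 5424 line into header fields, severity, timestamp and text."""
    m = RFC5424.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 syslog message")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        raise ValueError(f"PRI {pri} out of range")
    ts = None if m["ts"] == "-" else datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    text = (m["msg"] or "").lstrip("\ufeff")  # drop the optional UTF-8 BOM
    body = text
    if text.startswith("{"):  # assumption: the sender may put a JSON object in the text
        try:
            body = json.loads(text)
        except json.JSONDecodeError:
            pass  # not valid JSON after all: keep the raw text
    return {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "timestamp": ts,
        "host": None if m["host"] == "-" else m["host"],
        "app": None if m["app"] == "-" else m["app"],
        "message": body,
    }


# Constructed sample line, not captured from a real Jamf Protect computer.
SAMPLE = ('<13>1 2024-05-01T12:34:56.789Z mac-01.example.com agent 412 - - '
          '{"event": "constructed-sample", "level": 2}')

if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```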
Data forwarding
Data forwarding sends data already collected by the Jamf Protect Cloud to another third-party storage solution. Solutions that you can forward data to include:
Microsoft Sentinel — Forwards data from Jamf Protect Cloud to Microsoft Sentinel.
Amazon S3 — Forwards data from Jamf Protect Cloud to an Amazon S3 bucket.
The following diagram shows several data collection scenarios that you can configure: