Data Streams for Jamf Security Cloud

Jamf Protect Documentation


Jamf Security Cloud's data streams allow organizations to stream, record, and review events that are processed by the service's infrastructure via third-party log aggregators and analytics tools.

Data streams can send events in real time in these formats:

  • Common Event Format (CEF)-encoded syslogs

  • JSON-encoded HTTP events

You can also choose to send CEF events to an Amazon Web Services (AWS) S3 bucket for import into your Security Information and Event Management (SIEM) service. However, the AWS S3 option is available only for low-traffic data streams, such as the threat events stream, and is limited to one AWS bucket per customer. The stream is protected with Transport Layer Security (TLS).

Note:

To maintain the efficiency of our data streaming feature, any stream that consistently exhibits a high failure rate will be automatically disabled.

Event data from data streams can be exported in real time to other tools or locations. For example, you can send all data to a central server where you can filter and forward data for analysis.

You can also select which data fields are sent in an event message when using CEF/Syslog. Each message corresponds to a specific event, depending on the stream. You can preview an example CEF syslog message or JSON HTTP message during stream configuration in the Advanced information configuration pane.
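
The following is an added example, not code from the Jamf documentation: a CEF parser that a central log server could use to filter events before forwarding them. The header layout and escaping follow the CEF format; the sample line, vendor and product names, the word-to-number severity mapping, and the fail-open choice are assumptions and do not represent Jamf's event schema.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key preceded by start or whitespace
_SEV_WORDS = {"unknown": 0, "low": 3, "medium": 6, "high": 8, "very-high": 10}  # assumed mapping

# Constructed sample: syslog prefix, escaped "|" in the header, escaped "=" in a value.
SAMPLE = (r"<134>Jan 01 00:00:00 collector CEF:0|ExampleVendor|Example\|Product|1.0|100|"
          r"Constructed threat event|8|src=192.0.2.10 msg=blocked url\=example.test/a b cs1=policy one")

def _split_header(text, count):
    """Split on unescaped '|' until `count` fields are read; return (fields, rest)."""
    fields, buf, i = [], [], 0
    while i < len(text) and len(fields) < count:
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])  # \| and \\ become literal characters
            i += 2
            continue
        if text[i] == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    return fields, text[i:]

def _unescape(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF message")
    fields, ext = _split_header(line[start + 4:], len(HEADER_FIELDS))
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER_FIELDS, fields), extension={})
    keys = list(_EXT_KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)  # a value runs until the next key
        event["extension"][m.group(1)] = _unescape(ext[m.end():end].rstrip())
    return event

def severity(event):
    s = event["severity"].strip().lower()
    return int(s) if s.isdigit() else _SEV_WORDS.get(s, 0)

def should_forward(line, min_severity=7):
    try:
        return severity(parse_cef(line)) >= min_severity
    except ValueError:
        return True  # fail open: keep unparseable lines for review
```

Because the fields sent in each message are selectable, the parser treats every extension key as optional and returns only the keys actually present.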

To configure a data stream, navigate to Integrations > Data Streams in Jamf Security Cloud.

Note:

If this feature is not enabled in your Jamf Security Cloud portal, contact Jamf Support.