Getting Started with Telemetry in Jamf Protect

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US
Requirements

Jamf recommends testing telemetry with a small selection of computers, prior to deploying it at a wider-scale.

  1. Configure your SIEM integration with Jamf Protect.

    For information about currently supported SIEM tools, see macOS Security Data Integrations by Vendor.

  2. Create a telemetry configuration and assign the categories and log files to monitor.
    For more information, see Telemetry Event Categories and the Jamf Protect Telemetry Data Model Documentation.

    Learning Hub Login Required

    To access this content, log in to the Jamf Learning Hub with a valid Jamf ID.

  3. Assign the telemetry configuration to one or more plans and deploy the plans to the target computers.
  4. Review the data and logs collected by telemetry in your SIEM. Identify what data you find useful and relevant, versus data that is excessive or unnecessary.
  5. If necessary, implement exception sets to help streamline telemetry data collected and reduce the amount of noise or unnecessary data.

    For more information, see Telemetry Exception Rules.

Continue to monitor the telemetry data for your environment to ensure that the exceptions are correctly filtering the desired information.