Each data stream you configure in Jamf Security Cloud includes one event type. Event types include:
- Threat events
  - The threat events stream contains detected threat events that can be integrated with your preferred security operations solutions. For more information, see Threat Events Stream Dictionary and Threat Events Stream Event Types.
- Network traffic
  - The network traffic stream contains network traffic logs that can be integrated with your preferred security or business intelligence tools. Only a Super Admin can enable this integration. For more information, see Network Traffic Stream Dictionary.
- Access events
  - The access events stream contains logs about allowed and denied requests from Jamf Connect Zero Trust Network Access (ZTNA) policies. For more information, see Zero Trust Network Access (ZTNA) Events Data Stream in Jamf Connect.
- Device data
  - The device data stream contains information about devices that can be integrated with your preferred security or business intelligence tools. Only a Super Admin can enable this integration. For more information, see Device Data Stream Dictionary.
- App insights
  - The app insights stream contains information about applications installed on devices that can be integrated with your preferred security or business intelligence tools. Only a Super Admin can enable this integration. For more information, see App Insights Stream Dictionary.
- Vulnerability data
  - The vulnerability data stream integrates with third-party Security Information and Event Management (SIEM) products to monitor new, ongoing, and remediated vulnerabilities. It sends information in a JSON format to the linked SIEM about each discovered vulnerability and details about the device where it was found. An example of the data stream structure is available when creating a new vulnerability data stream configuration, under the Advanced settings or Additional information section. Vulnerability data is sent automatically as soon as a detection event occurs. Detection events occur any time Jamf Security Cloud syncs device data with the integrated UEM solution or Jamf Trust. This data stream is only compatible with Apple devices and requires Jamf Trust or a configured UEM integration. For more information, see Vulnerability Data Stream Dictionary.
You can select a stream target for each data stream. Data stream targets include:
- Generic HTTP
- Generic syslog
- Microsoft Sentinel
- Customer-owned AWS S3
- Jamf-owned AWS S3 (deprecated)