You can configure Jamf Protect to send data to one or more data endpoints, such as your organization's security information and event management (SIEM) solution.
Jamf Protect's macOS Security portal can integrate with most SIEM solutions that can receive data in JSON format via HTTP. Setting up a SIEM integration generally involves these steps:
1. In your SIEM solution, identify or create an HTTP endpoint and additional HTTP headers, if required, that can receive JSON data from Jamf Protect. Consult your SIEM solution's administrator and documentation to complete this step.
2. In the macOS Security portal, create or edit an action configuration to include an HTTP data endpoint and any HTTP headers. You can use a single data endpoint for all macOS Security data types, or you can configure different or multiple endpoint combinations to meet your organization's needs. For more information, see macOS Security Data Types.
3. Add the action configuration to one or more Jamf Protect plans for deployment to computers in your environment.
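To check an endpoint URL and header pair before pointing an action configuration at a production SIEM, a small test receiver can stand in for the collector. The following is an added example, not Jamf or SIEM vendor code; the header name, token value, port and size limit are assumptions to replace with whatever your collector requires.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed values for this example only; match them to the HTTP header
# entered in the action configuration.
AUTH_HEADER = "Authorization"
AUTH_VALUE = "Bearer EXAMPLE-TOKEN-REPLACE-ME"
MAX_BODY = 1_000_000  # bytes accepted per request


def check_request(headers, body):
    """Return (http_status, parsed_json_or_None) for one POST."""
    supplied = headers.get(AUTH_HEADER, "")
    # Constant-time comparison so the token is not leaked through timing.
    if not hmac.compare_digest(supplied.encode(), AUTH_VALUE.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        event = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return 400, None
    if not isinstance(event, (dict, list)):
        return 400, None  # a bare string or number is not an event record
    return 200, event


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if 0 <= length <= MAX_BODY:
            status, event = check_request(self.headers, self.rfile.read(length))
        else:
            status, event = (411 if length < 0 else 413), None
        if event is not None:
            print(json.dumps(event)[:200])  # truncated view of what arrived
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Binds to loopback for local testing.
    HTTPServer(("127.0.0.1", 8088), Receiver).serve_forever()
```

A 401 from this receiver means the header in the action configuration does not match; a 400 means the body was not parseable JSON.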