Datadog

Jamf Protect Documentation


You can use Jamf Security Cloud data streams to send event data to Datadog.

Requirements

You need the Jamf Protect integration installed and the following information:

  • Your Datadog intake URL

  • Your Datadog API key

  • Your Datadog application key

To install the integration, navigate to the Integrations page and search for Jamf Protect.

  1. In Jamf Security Cloud, navigate to Integrations > Data Streams.
  2. Click New configuration.
  3. Select a data stream type.

    For more information about data stream types, see Jamf Security Cloud Data Stream Types and Targets.

  4. Select Generic HTTP as your data stream target type, and then click Continue.
  5. Configure your HTTP data endpoint for Datadog:
    1. Enter a configuration name, such as Datadog Threat Events or Datadog Network Traffic.
    2. Set the Protocol to "https".
    3. Enter your Datadog intake URL in the Server Hostname/IP field.
    4. Enter 443 in the Port field.
    5. Enter the specific event endpoint type in the Endpoint field.
      Threat events: api/v2/logs?ddsource=jamfprotect&service=threatevents
      Network traffic: api/v2/logs?ddsource=jamfprotect&service=networktraffic
    6. Enter additional HTTP headers.
      Name: DD-API-KEY
      Value: <YOUR_DATADOG_API_KEY>
      Name: DD-APPLICATION-KEY
      Value: <YOUR_DATADOG_APPLICATION_KEY>
  6. Click Test configuration.
  7. Use the Enable configuration switch to turn on the data stream.
  8. Click Create configuration.
Your data stream is now sending events to Datadog.

To send different Jamf Security Cloud data stream types, create additional data streams.
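
The following pre-flight check is an added example, not part of the Jamf or Datadog documentation. It validates the values you plan to enter in the Generic HTTP form and builds the equivalent HTTPS request so you can confirm the intake host and keys from a workstation. The environment variable names, the function names, and the way the form fields combine into a URL are assumptions of this example.

```python
import json
import os
import re
import urllib.error
import urllib.request

# Endpoint field values from the procedure above, keyed by service name.
ENDPOINTS = {
    "threatevents": "api/v2/logs?ddsource=jamfprotect&service=threatevents",
    "networktraffic": "api/v2/logs?ddsource=jamfprotect&service=networktraffic",
}
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")  # bare hostname: no scheme, port or path


def build_request(host, service, api_key, app_key):
    """Validate the form values and return the equivalent HTTPS POST."""
    if not HOST_RE.match(host):
        raise ValueError("Server Hostname/IP must be a bare hostname (no https://, port or path)")
    if service not in ENDPOINTS:
        raise ValueError("unknown data stream service: %r" % service)
    for name, value in (("DD-API-KEY", api_key), ("DD-APPLICATION-KEY", app_key)):
        if not value or re.search(r"\s", value):
            raise ValueError("%s is empty or contains whitespace" % name)
    # Assumption: the form fields combine as protocol://host:port/endpoint.
    url = "https://%s:443/%s" % (host, ENDPOINTS[service])
    body = json.dumps([{"message": "data stream preflight (constructed test event)"}])
    return urllib.request.Request(url, data=body.encode(), method="POST", headers={
        "Content-Type": "application/json",
        "DD-API-KEY": api_key,
        "DD-APPLICATION-KEY": app_key,
    })


def send(req, timeout=10):
    """Send the request and return the HTTP status (202 means Datadog accepted it)."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # for example, 403 when the API key is rejected


if __name__ == "__main__":
    # Variable names chosen for this example; keys stay out of shell history and source.
    req = build_request(os.environ["DD_INTAKE_HOST"], "threatevents",
                        os.environ["DD_API_KEY"], os.environ["DD_APP_KEY"])
    print(req.full_url, "->", send(req))
```

Running the script sends one constructed log line to your Datadog account, so expect a single test entry under the jamfprotect source.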