Splunk

Jamf Protect Documentation

Solution

Application

Content Type

Technical Documentation

Utilities & Services

ft:locale

en-US

You can send macOS Security data to Splunk by setting up an HTTP event collectors and tokens in Splunk, and then adding your Splunk endpoint to the macOS Security portal in an action configuration.

This integration involves:

Installing the Jamf Protect Add-on for Splunk
Creating HTTP Event Collectors and Tokens in Splunk
Creating an Jamf Protect Action Configuration for Splunk
Searching macOS Security Data in Splunk

This is an example of the Jamf Protect add-on configured within Splunk.

The Jamf Protect add-on for Splunk's dashboard displaying event data metrics.