Threat Events Stream Event Types

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

Event TypeEvent and Name (in CEF Header)EventId (in CEF Header)
MALICIOUS_APP_IN_INVENTORYMalware101
ADWARE_APP_IN_INVENTORYMalware101
BANKER_MALWARE_APP_IN_INVENTORYMalware101
POTENTIALLY_UNWANTED_APP_IN_INVENTORYMalware101
RANSOMWARE_APP_IN_INVENTORYMalware101
ROOTING_MALWARE_APP_IN_INVENTORYMalware101
SMS_MALWARE_APP_IN_INVENTORYMalware101
SPYWARE_APP_IN_INVENTORYMalware101
TROJAN_MALWARE_APP_IN_INVENTORYMalware101
THIRD_PARTY_APP_STORES_IN_INVENTORYThird-Party App Stores Installed102
ADMIN_APP_IN_INVENTORYDevice Admin App Installed103
SIDE_LOADED_APP_IN_INVENTORYSideloaded App Installed104
VULNERABLE_APP_IN_INVENTORYVulnerable App105
SSL_TRUST_COMPROMISEDangerous Certificate201
JAILBREAKJailbreak/Root202
IOS_PROFILERisky iOS Profile203
OUTDATED_OSVulnerable O/S204
OUTDATED_OS_LOWVulnerable O/S205
OUT_OF_DATE_OSOut-Of-Date OS213
LOCK_SCREEN_DISABLEDLock screen disabled206
STORAGE_ENCRYPTION_DISABLEDDevice encryption disabled207
UNKNOWN_SOURCES_ENABLEDUnknown app sources enabled208
DEVELOPER_MODE_ENABLEDDeveloper mode enabled209
USB_DEBUGGING_ENABLEDUSB debugging enabled210
USB_APP_VERIFICATION_DISABLEDUSB app verification disabled211
FIREWALL_DISABLEDFirewall Disabled214
USER_PASSWORD_DISABLEDUser Password Disabled215
ANTIVIRUS_DISABLEDAntivirus Protection Disabled216
APP_INACTIVITYInactive Device - App217
MISSING_ANDROID_SECURITY_PATCHESAndroid security patches missing212
ACCESS_SPAM_HOSTRisky Host/Domain - Spam301
ACCESS_PHISHING_HOSTRisky Host/Domain - Phishing302
ACCESS_BAD_HOSTRisky Host/Domain - Malware303
RISKY_APP_DOWNLOADThird-Party App Store Traffic304
ACCESS_CRYPTOJACKING_HOSTRisky Host/Domain - Cryptojacking305
SSL_MITM_TRUSTED_VALID_CERTMan-in-the-Middle401
SSL_MITM_UNTRUSTED_VALID_CERTMan-in-the-Middle401
SSL_STRIP_MITMMan-in-the-Middle401
SSL_MITM_UNTRUSTED_INVALID_CERTRisky Hotspot402
SSL_MITM_TRUSTED_INVALID_CERTRisky Hotspot402
LEAK_CREDIT_CARDCredit Card Leak501
LEAK_PASSWORDPassword Leak502
LEAK_EMAILE-Mail Address Leak503
LEAK_USERIDUsername Leak504
LEAK_LOCATIONLocation Leak505