When mobile security threats are detected by Jamf Protect's endpoint and network security capabilities, you can configure Jamf Security Cloud to ignore certain categories of threats, or manually archive reported threats.
- Ignoring threats
You can opt to ignore specific threats in Jamf Security Cloud under :
On the Event Log page, click View next to the threat, then click Manage Security Policy.
You can subsequently manage these ignored threats in the Ignored tab on the page.
- Archiving threats
You can archive threats in the area in Jamf Security Cloud:
Threats are archived automatically after a preset number of days:
- Network threats: 30 days, except:
- Dangerous Certificate: 180 days
- App threats: 7 days
- Web Content threats: 30 days
- Device threats: 7 days, with the following exceptions:
- Vulnerable OS (minor and major): 30 days
- Out-of-date OS: 30 days
- App Inactivity: 7200 days
After a threat is archived, it is no longer considered active, and is classified as an Archived Threat. If the same threat is detected, and an ignore policy is not configured, a new instance of the threat will appear under the area in Jamf Security Cloud.
Users and admins will not be notified of subsequent detections of the same threat, for example, accessing the same phishing domain, unless previous threats have been archived.