The alert schema for the managed and custom threat prevention strategies adheres to the universal data model (UDM). If you export alerts and information to third-party tools, such as a SIEM, you should review the alert JSON and update the mapped SIEM fields if necessary.
For more information, see the Jamf Protect Data Model Documentation.
To view an example of the updated alert JSON schema, see the exec event example in the Jamf Protect Data Model documentation.