You can send macOS Security data to Elastic by forwarding data from Jamf Protect Cloud to Amazon S3.
Requirements
In Elastic, install and enable the Jamf Protect integration for Elastic and choose collect logs using Amazon S3. For instructions, see Installing and Enabling the Jamf Protect Integration for Elastic.
In the macOS Security portal, set up data forwarding to an Amazon S3 bucket. For instructions, see Forwarding macOS Security Data to Amazon S3.
Note:
Data forwarding requires your macOS Security data to be stored in the Jamf Protect Cloud. In your macOS Security action configurations, make sure the data types you want to forward are collected by Jamf Protect Cloud.