The Shared Signals Framework (SSF) is an open specification that facilitates communication between a transmitter and a receiver. Using the SSF stream, organizations can integrate Jamf Security Cloud with third-party security vendors to continuously share changes in device vulnerability.
Jamf transmits webhooks via the SSF stream for the two events below.
- RISK_LEVEL_CHANGED
- Based on known vulnerabilities, Jamf Security Cloud assigns devices a risk level of Secure, Low, Medium, or High. When a device's risk level changes, Jamf Security Cloud sends a webhook to the SSF receiver. The webhook includes previous risk level, current risk level, and additional identifying information about the impacted device and user.
- DEVICE_COMPLIANCE_CHANGE
- When Jamf Pro detects a change in device compliance, Jamf Security Cloud sends a webhook to the SSF receiver. This webhook conforms to the continuous access evaluation profile (CAEP) protocol structure.