Jamf Protect

Version: 1.1
Updated: Jun 15, 2023

Jamf Protect is a purpose-built endpoint security and mobile threat defense (MTD) solution for Mac and mobile devices.

Actions

  • List Alerts (Enrichment) - List alerts, with the option to filter alerts created over a specified time.
  • List Computers (Enrichment) - Retrieve a list of all computers.
  • List Plans (Enrichment) - Retrieve a list of plans.
  • Set Computer Plan (Containment) - Set a computer plan.
  • Update Alerts Status (Containment) - Update alert status.
  • Get Alerts (Daemon) - Get new alerts. The rule should be set to Process from First Item. The first time the Daemon runs, it returns alerts from one day before.

Jamf Protect configuration

  1. Log in to Jamf Protect.
  2. Click Administrative in the left menu.
  3. Create an API Client and click Save.
  4. Copy the API Client Password.
  5. Copy the Client ID in API Client Configuration.

Jamf Protect in Automation Service and Cloud SOAR

  1. Access integrations in the Automation Service or Cloud SOAR.
  2. After the list of integrations appears, search for the integration and click on its row.
  3. The integration details will appear. Click the "+" button to add a new Resource.
  4. Populate all the required fields (*).
  5. Click Save.
  6. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
  7. Click TEST SAVED SETTINGS.
  8. You should receive a successful notification in the bottom right corner.

Change Log

  • February 2, 2023 - First upload
  • June 15, 2023 (v1.1) - Updated the integration with Environmental Variables

Copyright © 2024 by Sumo Logic, Inc.