Jamf is the most prominent way to manage macOS devices in an enterprise organization. As such, logs pulled from the Jamf API provide important information about the organization's macOS devices, which is all the more important because these macOS endpoints are usually not part of a managed Active Directory network (as opposed to Windows enterprise fleets).
For example, the Jamf Computers API makes it possible to build a contextual list of all endpoints belonging to the organization, which enables detection of access to organizational resources or SaaS applications from an unmanaged device.
Additional important contextual information pulled from the Jamf API includes user lists, policies, managed scripts, network segments and more.
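The unmanaged-device detection described above can be sketched as follows. This is an added example, not Hunters' or Jamf's own code: the inventory records, the sign-in events and all field names (`serial_number`, `device_serial`, `os`) are constructed for illustration and are not the Jamf API schema.

```python
# Constructed sample data. Field names are assumptions for this example,
# not the Jamf API response schema or any real SaaS log format.
JAMF_COMPUTERS = [
    {"name": "mbp-alice", "serial_number": "C02EXAMPLE01"},
    {"name": "mbp-bob", "serial_number": "C02EXAMPLE02"},
    {"name": "stale-record", "serial_number": ""},  # inventory row without a serial
]
SIGNINS = [
    {"user": "alice", "app": "crm", "os": "macOS", "device_serial": " c02example01 "},
    {"user": "bob", "app": "wiki", "os": "macOS", "device_serial": "C02EXAMPLE99"},
    {"user": "carol", "app": "crm", "os": "macOS", "device_serial": None},
    {"user": "dave", "app": "crm", "os": "Windows", "device_serial": "PF0EXAMPLE"},
]


def normalize(serial):
    """Upper-case and trim a serial; return None when it is missing or blank."""
    if not isinstance(serial, str) or not serial.strip():
        return None
    return serial.strip().upper()


def managed_serials(computers):
    """Set of normalized serials present in the inventory, skipping blank rows."""
    return {s for c in computers if (s := normalize(c.get("serial_number")))}


def find_unmanaged_access(signins, computers):
    """Return findings for macOS sign-ins whose device is not in the inventory."""
    managed = managed_serials(computers)
    findings = []
    for ev in signins:
        # Jamf inventory covers Macs only; other platforms need their own source.
        if str(ev.get("os", "")).lower() != "macos":
            continue
        serial = normalize(ev.get("device_serial"))
        if serial is None:
            reason = "no_device_identifier"
        elif serial not in managed:
            reason = "serial_not_in_inventory"
        else:
            continue
        findings.append({"user": ev.get("user"), "app": ev.get("app"),
                         "serial": serial, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_unmanaged_access(SIGNINS, JAMF_COMPUTERS):
        print(f)
```

Sign-ins with no device identifier are reported separately from serials that are absent from the inventory, since the first usually points to a logging gap and the second to an unmanaged Mac.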
Supported data types
To enable Hunters collection of Jamf logs for your tenant, you will need to provide Hunters with credentials via Hunters' portal, as shown in the credentials sample below.
Alternatively, you can collect the Jamf logs from your network to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.
If you choose the first alternative, follow the prerequisites detailed below:
To integrate your Jamf instance with Hunters, follow these steps to create an appropriate user and an API key.
Log in to Jamf and go to the Settings section.
Go to Accounts. It can be found in the All settings or System Settings tabs, under Jamf Pro User Accounts & Groups.
Add a new user.
Choose create account. Select Create Standard Account, and then click Next.
Fill out the new user account form. Please make sure that:
Access level is Full Access
Privilege Set is Auditor
Access Status is Enabled
Copy the Username and Password for the next stage and click Save.
Get the API domain: copy the API host address from your browser address bar while in the Jamf console.