Overview

JumpCloud is a cloud directory service that securely manages and connects users to their IT resources. This includes the following:

  • Systems: Mac, Windows, and Linux

  • Servers: on-prem and cloud

  • Applications: LDAP and SAML based

  • Productivity Suites: G Suite and Office 365

  • File Storage: physical and virtual

  • Networks: Wired and wireless via RADIUS

Supported Data Types

  • JumpCloud Directory Insights - The Directory Insights provide audit logs of the activity of users in all platforms connected to JumpCloud. More information on the event types can be found here.

Hunters Ingestion

API Ingestion

To enable Hunters collection of JumpCloud logs for your tenant, the JumpCloud API Key needs to be provided to Hunters, following the next steps:

  1. As an Administrator or Command Runner, login to JumpCloud

  2. Enter the account email address displayed at the top-right and select API Settings... from the drop-down.

  3. Your API key will be displayed in the resulting dialogue.

  4. The permission needed for the Hunters integration is ["directoryinsights.readonly"].

    1. More information on JumpCloud API authentication can be found here.

For more information on the JumpCloud API Keys - https://support.jumpcloud.com/s/article/jumpcloud-apis1

Storage Ingestion

Alternatively, you can collect the JumpCloud logs from your network to an S3 bucket shared with Hunters. The expected format of the logs is the NDJson format as exported by JumpCloud.

Directory Insights log sample
{"initiated_by": {"type": "user", "username": "user_sample"}, "geoip": {"country_code": "AE", "timezone": "Asia/Dubai", "latitude": xx.xxxxx, "continent_code": "AS", "region_name": "Dubai", "longitude": yy.yyyyy, "region_code": "DU"}, "message": "User user_sample logged in from (unknown), process name: ", "system": {"hostname": "other_user-MacBook-Air.local", "displayName": "other_user-MacBook-Air.local", "id": "654134sdfg897g"}, "event_type": "login_attempt", "service": "systems", "success": true, "organization": "654134sdfg897g", "@version": "1", "system_timestamp": "2022-11-14T03:53:05Z", "client_ip": "x.x.x.x", "id": "654134sdfg897g", "timestamp": "2022-11-14T03:53:40.449220296Z", "username": "user_sample"}
CODE