One of this year’s JNUC presentations highlights the powerful workflows that users can create by adding Splunk integration to Jamf Pro. Splunk, for those not in the know, is software used to gather aggregate data from disparate systems for the purpose of monitoring and analyzing machine-generated data to create actionable endpoint security management processes.
Splunk’s trio of presenters: Josh Perlman, Sarkis Fesliyan and Lisa Davies discuss several topics that are important to IT, security and management teams working to monitor and perform ongoing management of Apple device deployments. Respectively, the team covers monitoring baselines and compliance to scale, Dashboard basics for the collection and display of crucial metrics from a reporting perspective and observing changes to critical system and device logs to obtain detailed, informative alerts relating to possible security issues as they occur.
Monitoring baseline and compliance to scale: Josh Perlman
Apple computers and mobile devices have a plethora of metrics that provide detailed information as to device health, security concerns and benchmarking device performance. But which ones should your organization be collecting? Well, that ultimately depends on the needs of your organization, but Josh discusses some of the finer points regarding which metrics provide the greatest level of critical data and how that data aligns with CIS Benchmarks when determining how to best maintain endpoint security and compliance regulations as part of a comprehensive device protection plan.
Jamf Pro & Splunk dashboard basics: Sarkis Fesliyan
What problem does Splunk solve? Splunk dashboards pull in multiple, linked data points into one central view to display how the information seamlessly works together to paint a comprehensive picture in greater visual detail. Among the many use cases demoed by Sarkis in the session, one of the more ingenious views displays all devices broken down into their respective patch levels and overlayed on a global map to show the unique statuses of each device, as well as where they’re located. This provides IT and security teams a thorough readout of device health and compliance levels relative to their physical location at a glance while allowing teams to pivot as needed to address shortcomings, such as bringing certain devices in specific regions into compliance with that country’s unique regulations, like GDPR, for example.
Jamf Pro observability: Lisa Davies
But how does Splunk stack up with security issues, you ask? According to Lisa, quite well. In fact, the session demonstrates real-time communication between Jamf Pro’s API and Splunk to parse Access logs, giving admins a detailed view of account login success (and failures), account usage frequency and critical values, such as timestamps, providing scope to which modifications were made. Among other examples, Splunk demonstrates how IT admins develop automated workflows that leverage Jamf Pro to execute actionable processes that incorporate data obtained by Splunk. From alerting admins of suspicious activity to taking proactive remediating actions for issues that fall out of scope with pre-determined baselines, risk is effectively mitigated before threat actors have a chance to exploit them.
Visit the Jamf Marketplace for access to this and other powerful software integration options.