Jamf Blog
October 21, 2021 by Jesus Vigo

Jamf Pro asset & security observability with Splunk

Integrating Jamf Pro with existing technologies, such as Splunk, can not only extend capabilities but also introduce a world of options to work smarter, not harder. Gaining visibility by gathering device logging data and analyzing it for potential issues allows IT and Security teams to proactively assess concerns before they turn into incidents.

One of this year’s JNUC presentations highlights the powerful workflows that users can create by adding Splunk integration to Jamf Pro. Splunk, for those not in the know, is software used to gather aggregate data from disparate systems for the purpose of monitoring and analyzing machine-generated data to create actionable endpoint security management processes.

Splunk’s trio of presenters, Josh Perlman, Sarkis Fesliyan and Lisa Davies, discuss several topics that are important to IT, security and management teams working to monitor and perform ongoing management of Apple device deployments. Respectively, the team covers monitoring baselines and compliance to scale; dashboard basics for the collection and display of crucial metrics from a reporting perspective; and observing changes to critical system and device logs to obtain detailed, informative alerts relating to possible security issues as they occur.

Monitoring baseline and compliance to scale: Josh Perlman

Apple computers and mobile devices have a plethora of metrics that provide detailed information as to device health, security concerns and benchmarking device performance. But which ones should your organization be collecting? Well, that ultimately depends on the needs of your organization, but Josh discusses some of the finer points regarding which metrics provide the greatest level of critical data and how that data aligns with CIS Benchmarks when determining how to best maintain endpoint security and compliance regulations as part of a comprehensive device protection plan.

Jamf Pro & Splunk dashboard basics: Sarkis Fesliyan

What problem does Splunk solve? Splunk dashboards pull multiple, linked data points into one central view to display how the information works together, painting a comprehensive picture in greater visual detail. Among the many use cases demoed by Sarkis in the session, one of the more ingenious views displays all devices broken down into their respective patch levels and overlaid on a global map to show the unique status of each device, as well as where it is located. This gives IT and security teams an at-a-glance readout of device health and compliance levels relative to physical location, while allowing teams to pivot as needed to address shortcomings, such as bringing certain devices in specific regions into compliance with that country’s unique regulations, like GDPR, for example.

Jamf Pro observability: Lisa Davies

But how does Splunk stack up with security issues, you ask? According to Lisa, quite well. In fact, the session demonstrates real-time communication between Jamf Pro’s API and Splunk to parse Access logs, giving admins a detailed view of account login successes (and failures), account usage frequency and critical values, such as timestamps, providing scope as to which modifications were made. Among other examples, Splunk demonstrates how IT admins develop automated workflows that leverage Jamf Pro to execute actionable processes that incorporate data obtained by Splunk. From alerting admins of suspicious activity to taking proactive remediating actions for issues that fall out of scope with pre-determined baselines, risk is effectively mitigated before threat actors have a chance to exploit those issues.

Visit the Jamf Marketplace for access to this and other powerful software integration options.

Register for JNUC to access this session as well as the other sessions on-demand.

Integrate useful tools with your Jamf Pro instance to create smarter, more powerful workflows to manage your Apple fleet.

Request a trial today or contact your preferred representative for more information.

Jamf
Jesus is a Copywriter, Security, focused on expanding the knowledge base of IT, Security Admins - generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.