Detection triage with Jamf for the Mac admin

Investigating a security alert

In this talk we will cover how a security alert on a Mac is commonly structured, how to interpret the information in an alert, and how to approach the investigation and triage. You will see how to gather data on macOS (including with Jamf Protect), learn about the kill chain for attacks on macOS, identify the critical data to collect for incident analysis, and understand how to approach automated vs. manual data gathering for incident analysis.