Jamf parsers overview

This document lists the Jamf parsers that normalize Jamf product logs into Google Security Operations (Google SecOps) Unified Data Model (UDM) fields. It gives a high-level overview of each Jamf product and the use case its log stream serves.

Configure ingestion of Jamf logs

To ingest Jamf logs into Google SecOps, click the ingestion mechanism link for the relevant product in the table and follow the instructions provided with that parser.

Jamf products and description

The following table lists the Jamf parsers that Google SecOps supports, the ingestion label for each parser, and a description of the corresponding product. Each Jamf stream has its own parser and label, so send each stream under the label listed for it; in particular, the Telemetry and Telemetry V2 streams have different formats and must not be ingested under each other's label. Click the ingestion mechanism link for a parser to view the detailed ingestion steps. To view a parser's field mapping reference, click the parser name in the table.

Product name: Jamf Protect
Ingestion label: JAMF_PROTECT
Product description: Jamf Protect is an endpoint protection platform that uses a native macOS agent to perform next-generation antivirus (NGAV), behavioral detection (EDR), and security compliance checks.
Ingestion mechanism: Jamf Protect Ingestion Mechanism

Product name: Jamf Telemetry
Ingestion label: JAMF_TELEMETRY
Product description: Jamf Telemetry ingests the legacy stream of raw macOS audit data, historically generated by the Compliance Reporter agent. This stream is typically used for general compliance logging and for maintaining historical data pipelines.
Ingestion mechanism: Jamf Protect Telemetry Ingestion Mechanism

Product name: Jamf Protect Telemetry V2
Ingestion label: JAMF_TELEMETRY_V2
Product description: Jamf Protect Telemetry V2 collects granular, structured macOS endpoint activity logs using the macOS Endpoint Security API. This stream provides deep contextual data on process execution, authentication, and persistence for proactive threat hunting and forensic reconstruction.
Ingestion mechanism: Jamf Protect Telemetry V2 Ingestion Mechanism

Product name: Jamf Threat Events
Ingestion label: JAMF_THREAT_EVENTS
Product description: Jamf Threat Events ingests a high-confidence, consolidated stream of security alerts (for example, malware, command-and-control communication, and phishing) from macOS and mobile endpoints. This data is critical for security incident response triage and SOAR workflows.
Ingestion mechanism: Jamf Threat Events Ingestion Mechanism
