Data Forwarding to a Third Party Storage Solution

You can forward data collected by the Jamf Protect Cloud to the following third party storage solutions:

  • Amazon S3

  • Microsoft Azure Sentinel

Only data that is sent to the Jamf Protect Cloud via an action configuration (alerts and unified logs) can be forwarded to supported third party storage solutions.

Setting Up Data Forwarding to Amazon S3

You can forward data collected by the Jamf Protect Cloud to an Amazon S3 bucket.

Requirements
  • Computers that are configured to send data (via an action configuration) to the Jamf Protect Cloud.

  • An Amazon S3 bucket to store your Jamf Protect data

  • An identity access management (IAM) role with the following:

    • Permission to upload Jamf Protect data to an Amazon S3 bucket

    • Jamf's AWS account as a trusted entity

Note:

If you do not have an Amazon S3 bucket or you want to create a dedicated S3 bucket for Jamf Protect, you can use the Jamf-provided AWS CloudFormation template to create a new S3 bucket and the IAM role for Jamf Protect. For more information about AWS CloudFormation templates, see Working with AWS CloudFormation templates in Amazon's AWS CloudFormation User Guide.

  1. (Optional) If you want to create an S3 bucket using the Jamf-provided CloudFormation template, do the following:
    1. Download the template file by clicking the AWS CloudFormation Template download link in the information panel.
    2. Upload the template file to your AWS environment.
 For instructions, see the Selecting a stack template in Amazon's AWS CloudFormation User Guide.
  2. In Jamf Protect, click Administrative > Data
  3. Use the Amazon S3 Forwarding switch to enable data forwarding.
  4. Select the Encrypt Forwarded Data checkbox to ensure all data forwarded from the Jamf Protect Cloud is encrypted.
  5. Enter the name of an Amazon S3 bucket to send data to.
  6. (Optional) Enter a prefix name to use for all forwarded Jamf Protect data objects.
  7. Enter the IAM Role that Jamf Protect will assume when it forwards data to your Amazon S3 bucket. This value should be in Amazon Resource Name (ARN) format.
    Example:

    arn:aws:iam::123456789012:role/S3Access

  8. Click Save.

Any data that is sent to Jamf Protect Cloud will now be forwarded to the Amazon S3 bucket.

Setting Up Data Forwarding to Azure Sentinel

You can forward data collected by the Jamf Protect Cloud to your organization's Microsoft Azure Sentinel workspace.

Requirements
  • Computers that are configured to send data (via an action configuration) to the Jamf Protect Cloud.

  • Access to a Log Analytics workspace for Azure Sentinel

  1. In Microsoft Azure, do the following to obtain the values you need to set up data forwarding:
    1. Navigate to your Log Analytics workspace for Azure Sentinel.
    2. Click Agents management in the sidebar.
    3. Locate the Workspace ID and the Primary Key or Secondary Key values, which you will need to copy and paste into Jamf Protect.
  2. In Jamf Protect, click Administrative > Data
  3. Use the Azure Sentinel Forwarding switch to enable data forwarding.
  4. Copy and paste the Workspace ID value from Azure Sentinel into the Workspace ID field.
  5. Copy and paste the Primary Key or Secondary Key value from Azure Sentinel into the Client Authentication Key field.
  6. Enter a value such as jamfprotect into the Log field.

    This value will be used to identity logs from Jamf Protect in Azure Sentinel.

    Important:

    Do not use space, @, #, $, %, - or other special characters in the value field.

  7. Choose azure.com or azure.us from the Azure Domain pop-up menu.

    Make sure to use the option that matches your organization's Azure domain URL.

  8. Click Save.

Any data that is sent to the Jamf Protect Cloud will now be forwarded to Azure Sentinel.