Type:
Configuration, Integration, Deployment Guide
Platform:
Jamf Protect
OS:
macOS

Jamf Protect Open Source Repository

by Jamf Open Source Community

A repository with open source resources to use with or alongside Jamf Protect

All resources contained in this repository are provided as-is and are not officially supported by Jamf Support.

Are you looking to enhance or customize your macOS incident response capabilities? Extend the power of Jamf Protect integrations and workflows across your existing toolsets?
Help build bridges between your Security, Device Management, and Network teams?

Check out this collection of tested open source playbooks, integrations, scripts and workflows that can extend Jamf Protect’s vision for better macOS endpoint security.

If you’ve been looking for a way to get started or take steps beyond the admin guide, the Jamf Protect Open Source Repository is here for you!

We’ve got you covered with real examples that can be adapted in any Jamf Protect tenant for the following areas, and more:

  • Custom Analytics
    • Custom Analytic predicates to extend the behavioural detection capability of Jamf Protect.
  • Unified Log Filters
    • Unified Log filter predicates to streamline rich system, user, application and network activity data from endpoints to a nominated Security Information and Event Management (SIEM) or third-party data storage tool.
  • Jamf Protect API Scripts
    • Jamf Protect's GraphQL API can be used to streamline endpoint and configuration management, compliance reporting and general tenant management.
  • SOAR Playbooks
    • Leverage the powerful integration between Jamf Protect and Jamf Pro to streamline remediation of security incidents on managed endpoints through automation.
  • Third Party Integrations
    • Jamf Protect can integrate with many third-party solutions. This section provides examples and workflows, such as forwarding data to Microsoft Sentinel or Splunk, along with example workbooks and dashboards.
  • Jamf Pro Extension Attributes
    • Extend Jamf Pro's native inventory reporting capabilities with customisable data collection regarding Jamf Protect, enabling powerful remediation and conditional access workflows through device management.

Jamf Protect Open Source Repository

Microsoft Sentinel Workbooks and Analytic Rules

Custom Analytic Detections
