Jamf Protect Documentation

Configuring the Threat Events Stream for Splunk

  • Last Updated: Aug 15, 2024
    • Jamf Protect
    • Technical Documentation
  • Configuring the Threat Events Stream for Splunk via Syslog
  • Configuring the Threat Events Stream for Splunk via HTTP Event Collector
  • Configuring the Threat Events Stream for Splunk via AWS S3
Related Content
  • Jamf Protect Add-on for Splunk
