How Red Canary Works with Jamf
- Updated on 06 Nov 2024
Red Canary and Jamf are partnering to bring the first Managed Detection and Response (MDR) solution solely focused on Apple devices.
Jamf partners exclusively with Apple to ensure the highest development of new features and product support aligned to Apple’s development cycles. Red Canary partnered with Jamf to create a focused detection and monitoring solution, giving you the ability to protect data generated on Apple platforms. Jamf and Red Canary provide a level of security assurance to Apple endpoints that is unmatched in today's industry.
NOTE
The Red Canary integration only supports cloud implementations of Jamf, not on-premise installs.
How it works
Red Canary and Jamf use several integration points to implement exceptional security operations.
The Jamf Protect agent, which focuses on endpoint security, runs on macOS computers and monitors the real-time, event-driven activity generated on macOS. In addition, Jamf Protect analyzes events using the highly optimized built-in game engine on Apple products. Jamf then forwards your telemetry to Red Canary’s cloud-based detection engine.
From here, Red Canary continuously analyzes, triages, and investigates potential threats, including unique threats specific to macOS and your overall environment. Your enterprise includes more than just macOS devices, and the Red Canary Platform monitors across all ingested data, correlating threats beyond any one operating system.
Getting started
To connect your Jamf Protect deployment to Red Canary, follow the steps below:
1. Set up a data export from your Jamf Protect instance to Red Canary. This configuration instructs the Jamf platform to begin sending your telemetry to Red Canary for processing.
   - Red Canary will provide you with the Amazon S3 Bucket Name, Prefix pattern, and IAM Role information to complete the data forwarding configuration.
2. Create service accounts in the Jamf Pro and Jamf Protect platforms for Red Canary teams, including:
   - An Engineering account in Jamf Pro to allow for API connectivity.
   - Accounts for the Customer Security Organization (CSO) in Jamf Protect to facilitate necessary investigative actions.
FAQ
What kind of Jamf data does Red Canary process?
We receive all of the data collected by your Jamf sensors, as well as a number of system events generated by the Jamf platform.
Can I export the data collected by Jamf?
Absolutely. You can use the Canary Exporter to export Jamf telemetry from Red Canary into your Security Information and Event Management (SIEM), long-term storage, or other processing pipeline. Learn more about Get Data out of Red Canary.
What are the Networking requirements for Jamf?
When you deploy Jamf, you will want to know all of the associated network requirements so that your sensors will communicate properly and behave as expected.
The following documentation includes all the domains and ports necessary to deliver telemetry to Red Canary:
What Jamf products are required for Red Canary's Managed Detection and Response (MDR) feature?
You must have an active license for Jamf Pro and Jamf Protect.
Why do I get a “jamf pro ui url is invalid” error when configuring the Jamf integration?
Your Jamf instance must be a cloud implementation, not an on-premise install.