Login
      Contents x
      How Red Canary Works with Jamf
      • 16 Jul 2024
      • 2 Minutes to read
      • PDF
      Contents

      How Red Canary Works with Jamf

      • Updated on 16 Jul 2024
      • 2 Minutes to read
      • PDF
      Article summary

      Red Canary and Jamf are partnering to bring the first Managed Detection and Response (MDR) solution solely focused on Apple devices. 

      Jamf partners exclusively with Apple to ensure the highest development of new features and product support aligned to Apple’s development cycles. Red Canary partnered with Jamf to create a focused detection and monitoring solution, giving you the ability to protect data generated on Apple platforms. Jamf and Red Canary provide a level of security assurance to Apple endpoints that is unmatched in today's industry.

      How it works

      Red Canary and Jamf use several integration points to implement exceptional security operations. 

      The Jamf Protect agent, which focuses on endpoint security, runs on macOS computers and monitors your real-time event driven activity generated on macOS. In addition, Jamf Protect analyzes events using the highly optimized built-in game engine on Apple products. Jamf then forwards your telemetry to Red Canary’s cloud-based detection engine.

      From here, Red Canary analyzes, triages, and investigates potential threats continuously with unique threats specific to macOS and your overall environment. Your enterprise includes more than just macOS devices and the Red Canary Platform monitors across all ingested data correlating threats beyond any one operating system.

      JAMF_Setup.png

      Getting started

      To connect your Jamf Protect deployment to Red Canary follow the steps below:

      1. Set up a data export from your Jamf Protect instance to Red Canary. This configuration instructs the Jamf platform to begin sending your telemetry to Red Canary for processing.

        • Red Canary will provide you with the Amazon S3 Bucket Name, Prefix pattern, and IAM Role information to complete the data forwarding configuration

          mceclip0.png

      2. Create service accounts in the Jamf Pro and Jamf Protect platform for Red Canary teams, including:

        • An Engineering account in Jamf Pro to allow for API connectivity.

        • Accounts for Customer Security Organization (CSO) in Jamf Protect to facilitate investigative actions necessary.

      FAQ

      What kind of Jamf data does Red Canary process?

      We receive all of the data collected by your Jamf sensors, as well as a number of system events generated by the Jamf platform.

      Can I export the data collected by Jamf?

      Absolutely. You can use the Canary Exporter to export Jamf telemetry from Red Canary into your Security Information and Event Management (SIEM), long-term storage, or other processing pipeline. Learn more about Get Data out of Red Canary.

      What are the Networking requirements for Jamf?

      When you deploy Jamf, you will want to know all of the associated network requirements so that your sensors will communicate properly and behave as expected.

      The following documentation includes all the domains and ports necessary to deliver telemetry to Red Canary:

      What Jamf Products are required for Red Canary's Manage Detection and Response (MDR) feature?

      You must have an active license for Jamf Pro and Jamf Protect.

      Was this article helpful?
      What's Next
      PRODUCTS
      USE RED CANARY
      SUPPORT
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout