Integrate Jamf Protect
You must have the Endpoint license pack to use this feature.
You can integrate Jamf Protect with Sophos Central so that it sends data to Sophos for analysis.
This is an API-based integration. You'll need details of the Jamf Protect API client.
The key steps are as follows:
- Create an API client in Jamf Protect and save the details.
- Configure an integration in Sophos Central.
Create an API client in Jamf Protect
Before you can interact with the Jamf Protect API, you must create an API client.
To create an API client, do as follows:
- In Jamf Protect, go to Administrative > API Clients.
- Click Create API Client.
- Enter a name for your API client.
- Assign a custom role to the API client with permissions to read Alerts.
- Copy the API client password for later use.
  This value will not be displayed again by Jamf Protect.
- Your API client configuration and endpoint information is shown. Copy the Client ID.
Next, you configure an integration in Sophos Central.
Configure an integration
To integrate Jamf Protect with Sophos Central, do as follows:
- In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
- Click Jamf Protect.
  The Jamf Protect page opens. You can configure integrations here and see a list of any you've already configured.
- In Data Ingest (Security Alerts), click Add Configuration.
  Note: If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See Provide your domain and IP details.
- In Integration steps, do as follows:
  - Enter the Integration name and Integration description.
  - Enter the Base URL. This is your Jamf Protect tenant URL in the following form:
    https://<your-organization>.protect.jamfcloud.com
  - Enter the API Client ID and Password you got from Jamf Protect earlier.
- Click Save.
We create the integration and it appears in your list. If its status icon shows a green tick, your data should appear in the Sophos Data Lake after validation.
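A pre-flight check for the Base URL step above, added here as an illustration and not taken from Sophos or Jamf documentation or tooling. It tests a value against the form https://<your-organization>.protect.jamfcloud.com before you pair it with the API Client ID and Password; the function name, the sample values and the single-DNS-label rule for the organization part are assumptions.

```python
import re
from urllib.parse import urlsplit

# Suffix taken from the Base URL form given in the integration steps.
TENANT_SUFFIX = ".protect.jamfcloud.com"
# Assumption: <your-organization> is one DNS label (letters, digits, hyphens).
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def check_base_url(value):
    """Return a list of problems; an empty list means the value fits the form."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return problems + ["not a parseable URL"]
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("credentials embedded in URL")
    if port is not None:
        problems.append("explicit port")
    host = (parts.hostname or "").lower()
    # Match the suffix at the END of the host, so that a lookalike such as
    # "<org>.protect.jamfcloud.com.<other-domain>" is rejected.
    if not host.endswith(TENANT_SUFFIX):
        problems.append("host is not under protect.jamfcloud.com")
    elif not LABEL.match(host[: -len(TENANT_SUFFIX)]):
        problems.append("organization part is not a single DNS label")
    if parts.path or parts.query or parts.fragment:
        problems.append("text after the host name")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real tenants.
    samples = [
        "https://acme.protect.jamfcloud.com",
        "http://acme.protect.jamfcloud.com",
        "https://acme.protect.jamfcloud.com.example.net",
        "https://acme.protect.jamfcloud.com@login.example",
        "https://acme.protect.jamfcloud.com/graphql",
    ]
    for s in samples:
        print(s, "->", check_base_url(s) or "ok")
```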