edr.jamf

Introduction

Tags beginning with edr.jamf identify events generated by Jamf.

Tag structure

The full tag must have 4 levels. The first two are fixed as edr.jamf. The third level identifies the type of events sent, and the fourth level indicates the event subtype.

| Product / Services | Tags | Data tables |
|---|---|---|
| Jamf Protect | edr.jamf.protect.alerts | edr.jamf.protect.alerts |

For more information, read about Devo tags.

Table structure

These are the fields displayed in this table:

edr.jamf.protect.alerts

| Field | Type | Extra fields |
|---|---|---|
| eventdate | timestamp | |
| hostname | str | |
| caid | str | |
| certid | str | |
| input__host__ips | str | |
| input__host__serial | str | |
| input__host__hostname | str | |
| input__host__provisioningUDID | str | |
| input__match__event__clickType | int4 | |
| input__match__event__gid | int4 | |
| input__match__event__uid | str | |
| input__match__event__uuid | str | |
| input__match__event__targetpid | int4 | |
| input__match__event__timestamp | str | |
| input__match__event__pid | int4 | |
| input__match__event__dev | int8 | |
| input__match__event__iNode | int8 | |
| input__match__event__path | str | |
| input__match__event__prevFile | str | |
| input__match__event__eventID | int4 | |
| input__match__event__type | int4 | |
| input__match__event__subsystem | str | |
| input__match__event__senderImagePath | str | |
| input__match__event__sender | str | |
| input__match__event__category | str | |
| input__match__event__composedMessage | str | |
| input__match__event__name | str | |
| input__match__event__processIdentifier | int4 | |
| input__match__event__processImagePath | str | |
| input__match__event__process | str | |
| input__match__event__subType | int4 | |
| input__match__event__device | json | |
| input__match__event__usbAddress | int4 | |
| input__match__context | str | |
| input__match__actions | str | |
| input__match__severity | int4 | |
| input__match__uuid | str | |
| input__match__tags | str | |
| input__match__facts | str | |
| input__eventType | str | |
| input__related__groups | str | |
| input__related__users | str | |
| input__related__files | str | |
| input__related__processes | str | |
| input__related__binaries | str | |
| at_version | str | |
| at_timestamp | timestamp | |
| headers__http_user_agent | str | |
| headers__accept_encoding | str | |
| headers__request_path | str | |
| headers__accept_language | str | |
| headers__connection | str | |
| headers__http_host | str | |
| headers__content_length | str | |
| headers__http_accept | str | |
| headers__http_version | str | |
| headers__request_method | str | |
| headers__content_type | str | |
| host | ip4 | |
| hostchain | str | ✓ |
| tag | str | ✓ |
| rawMessage | str | ✓ |