edr.jamf
Introduction
Tags beginning with edr.jamf identify the events generated by Jamf.
Tag structure
The full tag must have 4 levels. The first two are fixed as edr.jamf. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Product / Services | Tags | Data tables |
---|---|---|
Jamf Protect | | |
For more information, read more about Devo tags.
Table structure
These are the fields displayed in this table:
edr.jamf.protect.alerts
Field | Type | Extra fields |
---|---|---|
eventdate | | |
hostname | | |
caid | | |
certid | | |
input__host__ips | | |
input__host__serial | | |
input__host__hostname | | |
input__host__provisioningUDID | | |
input__match__event__clickType | | |
input__match__event__gid | | |
input__match__event__uid | | |
input__match__event__uuid | | |
input__match__event__targetpid | | |
input__match__event__timestamp | | |
input__match__event__pid | | |
input__match__event__dev | | |
input__match__event__iNode | | |
input__match__event__path | | |
input__match__event__prevFile | | |
input__match__event__eventID | | |
input__match__event__type | | |
input__match__event__subsystem | | |
input__match__event__senderImagePath | | |
input__match__event__sender | | |
input__match__event__category | | |
input__match__event__composedMessage | | |
input__match__event__name | | |
input__match__event__processIdentifier | | |
input__match__event__processImagePath | | |
input__match__event__process | | |
input__match__event__subType | | |
input__match__event__device | | |
input__match__event__usbAddress | | |
input__match__context | | |
input__match__actions | | |
input__match__severity | | |
input__match__uuid | | |
input__match__tags | | |
input__match__facts | | |
input__eventType | | |
input__related__groups | | |
input__related__users | | |
input__related__files | | |
input__related__processes | | |
input__related__binaries | | |
at_version | | |
at_timestamp | | |
headers__http_user_agent | | |
headers__accept_encoding | | |
headers__request_path | | |
headers__accept_language | | |
headers__connection | | |
headers__http_host | | |
headers__content_length | | |
headers__http_accept | | |
headers__http_version | | |
headers__request_method | | |
headers__content_type | | |
host | | |
hostchain | | ✓ |
tag | | ✓ |
rawMessage | | ✓ |