edr.jamf
- Juan Tomás Alonso Nieto (Deactivated)
Introduction
The tags begin with edr.jamf identify the events generated by Jamf.
Tag structure
The full tag must have 4 levels. The first two are fixed as edr.jamf. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
Product / Services | Tags | Data tables |
|---|---|---|
Jamf Protect |
|
|
For more information, read more about Devo tags.
Table structure
These are the fields displayed in this table:
edr.jamf.protect.alerts
Field | Type | Extra fields |
|---|---|---|
eventdate |
|
|
hostname |
|
|
caid |
|
|
certid |
|
|
input__host__ips |
|
|
input__host__serial |
|
|
input__host__hostname |
|
|
input__host__provisioningUDID |
|
|
input__match__event__clickType |
|
|
input__match__event__gid |
|
|
input__match__event__uid |
|
|
input__match__event__uuid |
|
|
input__match__event__targetpid |
|
|
input__match__event__timestamp |
|
|
input__match__event__pid |
|
|
input__match__event__dev |
|
|
input__match__event__iNode |
|
|
input__match__event__path |
|
|
input__match__event__prevFile |
|
|
input__match__event__eventID |
|
|
input__match__event__type |
|
|
input__match__event__subsystem |
|
|
input__match__event__senderImagePath |
|
|
input__match__event__sender |
|
|
input__match__event__category |
|
|
input__match__event__composedMessage |
|
|
input__match__event__name |
|
|
input__match__event__processIdentifier |
|
|
input__match__event__processImagePath |
|
|
input__match__event__process |
|
|
input__match__event__subType |
|
|
input__match__event__device |
|
|
input__match__event__usbAddress |
|
|
input__match__context |
|
|
input__match__actions |
|
|
input__match__severity |
|
|
input__match__uuid |
|
|
input__match__tags |
|
|
input__match__facts |
|
|
input__eventType |
|
|
input__related__groups |
|
|
input__related__users |
|
|
input__related__files |
|
|
input__related__processes |
|
|
input__related__binaries |
|
|
at_version |
|
|
at_timestamp |
|
|
headers__http_user_agent |
|
|
headers__accept_encoding |
|
|
headers__request_path |
|
|
headers__accept_language |
|
|
headers__connection |
|
|
headers__http_host |
|
|
headers__content_length |
|
|
headers__http_accept |
|
|
headers__http_version |
|
|
headers__request_method |
|
|
headers__content_type |
|
|
host |
|
|
hostchain |
| ✓ |
tag |
| ✓ |
rawMessage |
| ✓ |