jamfprotect
A repository for open-source resources created for use with or alongside Jamf Protect.
Custom Analytics to detect the use of `scp` specifically to transfer files to a remote destination, or a generic rule to detect either `scp`, `sftp` or `rsync`. Provided Context Items...
Migration primarily from the use of `.commandLine` to `.args`, to be able to iterate through an array of arguments; this should be safer and more specific, and in some cases...
In most JAMF predicates there are double-quotes that are quoting a string within a string. For example, try the [unified_log_filters/login_through_login_window_with_password_failure.yaml](https://github.com/jamf/jamfprotect/blob/main/unified_log_filters/login_through_login_window_with_password_failure.yaml) file:

```yaml
predicate: "processImagePath BEGINSWITH "/System/" AND process == "SecurityAgent"...
```
Hey all, there's an issue with the following predicate in its usage with Jamf Protect (though this applies to other predicates in this repo as well): https://github.com/jamf/jamfprotect/blob/32096d0c425882ad558721162d41aabf357214ce/unified_log_filters/jamf_connect/cloud_idp_authentication_bypass_and_local_user_authentication.yaml#L4C4-L4C4 The output from...
initial upload
- **jamf_protect_WebProtection.sh** - Extension Attribute for retrieving the state of Web Protection
- **installer_initiated_network_connection** - A custom Analytic to monitor the invocation of `curl`, `nscurl` where the responsible process is...
This PR adds an analytic for detection of system-wide cron job changes, which is not covered by default analytics in JAMF Protect.
https://github.com/jamf/jamfprotect/blob/main/unified_log_filters/third_party/sap_privileges_user_rights_elevations_and_demotions.yaml

New filter should be: `process == "PrivilegesDaemon" && eventMessage CONTAINS "SAPCorp`
Updated the analytic to match regardless of path (I found that editing the file like `sudo nano /etc/hosts` did not trigger the analytic)
Do we have any generic predicate/filter that we can use to block/alert on tampering with third-party applications, such as:

```bash
sudo rm -rf /Applications/xyz-example.app
```

I feel this could be...