Mappings: Jamf Parser - Alert
| Input | Value |
|---|---|
| Vendor | Jamf |
| Product | Jamf |
| Log Format | JSON |
| Event ID Regex Pattern | ^alert_.* |
| Output | Value |
|---|---|
| Vendor | Jamf |
| Product | Jamf |
| Record Type | Network |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | event.action | |
| changeType | event.eventType.name | |
| description | event.eventType.description | |
| device_hostname | event.device.userDeviceName | |
| device_osName | event.device.os | |
| device_uniqueId | event.device.deviceId | |
| dstDevice_hostname | event.destination.name | |
| dstDevice_ip | event.destination.ip | |
| normalizedAction | event.action | This is a lookup field. More info to come in the catalog later... |
| severity | event.severity | |
| sourceUid | event.eventType.id | |
| success | event.action | This is a lookup field. More info to come in the catalog later... |
| threat_referenceUrl | event.eventUrl | |
| timestamp | event.timestamp | We expect the orginal record value of event.timestamp is in the format YYYY-MM-dd'T'HH:mm:ss.SSSX |
| user_email | event.user.email | |
| user_username | event.user.name |