Mappings: Jamf Parser - Catch All
| Input | Value |
|---|---|
| Vendor | Jamf |
| Product | Jamf |
| Log Format | JSON |
| Event ID Regex Pattern | _default_ |
| Output | Value |
|---|---|
| Vendor | Jamf |
| Product | Jamf |
| Record Type | Audit |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| action | webhook.webhookEvent | |
| description | webhook.nam | |
| device_hostname | event.computer.deviceName | |
| device_ip | event.computer.reportedIpAddress | |
| device_mac | event.computer.macAddress | |
| device_osName | event.computer.osBuild | |
| device_uniqueId | event.computer.udid | |
| srcDevice_ip | event.computer.ipAddress | |
| success | event.successful | This is a lookup field. More info to come in the catalog later... |
| timestamp | webhook.eventTimestamp | We expect the orginal record value of webhook.eventTimestamp is in the format epoch |
| user_email | event.computer.emailAddress | |
| user_username | event.computer.username |