---
title: Jamf Protect
description: Endpoint security and mobile threat defense (MTD) for Mac and mobile devices.
breadcrumbs: Docs > Integrations > Jamf Protect
---

# Jamf Protect
Supported OS Integration version1.0.0
## Overview{% #overview %}

[Jamf Protect](https://www.jamf.com/products/jamf-protect/) is a comprehensive security solution designed specifically for Apple endpoints, including macOS, iOS and iPadOS endpoints and other supported platforms. Jamf Protect enhances Apple's built-in security features and provides real-time detection of malicious applications, scripts, and user activities.

Jamf Protect not only detects known malware, adware, but also prevents unknown threats and blocks command and control traffic and risky domains. Furthermore, it provides granular insights into endpoint activity, ensuring endpoint health and compliance, and supports incident response with automated workflows. This integration will collect logs from Jamf Protect events which can be analyzed using Datadog. This integration monitors Jamf Protect logs for both macOS Security and Jamf Security Cloud.

## Setup{% #setup %}

### Prerequisites{% #prerequisites %}

- Datadog intake URL. Use the [Datadog API Logs documentation](https://docs.datadoghq.com/api/latest/logs.md#send-logs) and select your Datadog Site at the top of the page.
- Your [Datadog API and App keys](https://docs.datadoghq.com/account_management/api-app-keys.md).

### Installation{% #installation %}

Navigate to the [Integrations page](https://app.datadoghq.com/integrations) and search for the "Jamf Protect" tile.

### macOS Security Portal{% #macos-security-portal %}

1. In Jamf Protect, click **Actions**.

1. Click **Create Actions**.

1. In the *Action Config Name* field, enter a name (such as `Datadog`).

1. (Optional) To collect alerts, click **Remote Alert Collection Endpoints** and add the following:

a. **URL:** `https://${DATADOG_INTAKE_URL}/api/v2/logs?ddsource=jamfprotect&service=alerts`

b. Set **Min Severity & Max Severity**.

c. Click **+ Add HTTP Header** twice and add the following HTML header fields:

   ```
   Name: DD-API-KEY
   Value: <API_Key>
   ```

   ```
   Name: DD-APPLICATION-KEY
   Value: <APPLICATION_KEY>
   ```

1. (Optional) To collect unified logs, click **+ Unified Logs Collection Endpoints** and add the following.

a. **URL:** `https://${DATADOG_INTAKE_URL}/api/v2/logs?ddsource=jamfprotect&service=unifiedlogs`

b. Click **+ Add HTTP Header** twice and add the following HTML header fields.

   ```
   Name: DD-API-KEY
   Value: <API_Key>
   ```

   ```
   Name: DD-APPLICATION-KEY
   Value: <APPLICATION_KEY>
   ```

1. (Optional) To collect telemetry data, click **+ Telemetry Collection Endpoints**.

a. **URL:** `https://${DATADOG_INTAKE_URL}/api/v2/logs?ddsource=jamfprotect&service=telemetry`

b. Click **+ Add HTTP Header** twice and add the following HTML header fields.

   ```
   Name: DD-API-KEY
   Value: <API_Key>
   ```

   ```
   Name: DD-APPLICATION-KEY
   Value: <APPLICATION_KEY>
   ```

1. Click **Save**.

### Update your plan to use configured Actions{% #update-your-plan-to-use-configured-actions %}

1. Click **Plans**.
1. Find the plan assigned to devices.
1. Click **Edit** next to the name of the plan.
1. Select the Action from the *Action Configuration* dropdown menu. This is the Action config name that contains the Datadog configuration.
1. Click **Save**.

### (Optional) Jamf Security Cloud{% #optional-jamf-security-cloud %}

1. Click **Integrations** in the Threat Events Stream.

1. Click **Data Streams**.

1. Click **New Configuration**.

1. Select **Threat Events**.

1. Select **Generic HTTP**.

1. Click **Continue**.

| **Configuration**      | **Details**                         |
| ---------------------- | ----------------------------------- |
| **Name**               | Datadog (Threat)                    |
| **Protocol**           | HTTPS                               |
| **Server Hostname/IP** | `${DATADOG_INTAKE_URL}`             |
| **Port**               | 443                                 |
| **Endpoint**           | `api/v2/logs?ddsource=jamfprotect&` |

1. Click **Create option "DD-API-KEY"**.

   ```
   Header Value: <API_Key>
   Header Name: DD-APPLICATION-KEY
   ```

1. Click **Create option "DD-APPLICATION-KEY"**.

   ```
   Header Value: <APPLICATION_KEY>
   ```

1. Click **Test Configuration**.

1. If successful, click **Create Configuration**.

### (Optional) Network Traffic Stream{% #optional-network-traffic-stream %}

1. Click **Integrations**.

1. Click **Data Streams**.

1. Click **New Configuration**.

1. Select **Threat Events**.

1. Select **Generic HTTP**.

1. Click **Continue**. a. **Configuration Name:** Datadog (Threat)

b. **Protocol:** **HTTPS**

c. **Server** **Hostname/IP:** `${DATADOG_INTAKE_URL}`

d. **Port:** **443**

e. **Endpoint:** `api/v2/logs?ddsource=jamfprotect&service=networktraffic`

f. **Additional Headers:**

   ```
   i.  **Header Name:** DD-API-KEY
   
   1.  Click **Create option "DD-API-KEY"**.
   
   ii.  **Header Value:** <API_Key>
   
      i. Header Name: DD-APPLICATION-KEY
   
   iv.  Click **Create option "DD-APPLICATION-KEY"**.
   
      i. Header Value: <APPLICATION_KEY>
   ```

1. Click **Test Configuration**.

1. If successful, click **Create Configuration**.

### Validation{% #validation %}

Navigate to the [Logs Explorer](https://app.datadoghq.com/logs) and search for `source:jamfprotect` to validate you are receiving logs.

## Data Collected{% #data-collected %}

### Logs{% #logs %}

The Jamf Protect integration allows you to send [Jamf Audit Logs](https://learn.jamf.com/bundle/jamf-protect-documentation/page/Audit_Logs.html) to Datadog.

### Metrics{% #metrics %}

Jamf Protect does not include any metrics.

### Service Checks{% #service-checks %}

Jamf Protect does not include any service checks.

### Events{% #events %}

Jamf Protect does not include any events.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).