jamfprotect
jamfprotect copied to clipboard
A repository for open-source resources created for use with or alongside Jamf Protect.
Custom Analytics to detect the use of `scp` specifically to transfer files to a remote destination or a generic rule to detect either `scp`, `sftp` or `rsync`. provided Context Items...
Migration primarily from the use of `.commandLine` to `.args` to be able to iterate through an array of arguments, this should be safer and more specific and in some cases...
In most JAMF predicates there are double-quotes that are quoting a string within a string. For example, try the [unified_log_filters/login_through_login_window_with_password_failure.yaml](https://github.com/jamf/jamfprotect/blob/main/unified_log_filters/login_through_login_window_with_password_failure.yaml) file: ```yaml predicate: "processImagePath BEGINSWITH "/System/" AND process == "SecurityAgent"...
Hey all, There's an issue with the following predicate in it's usage with Jamf Protect (though this applies to other predicates in this repo as well): https://github.com/jamf/jamfprotect/blob/32096d0c425882ad558721162d41aabf357214ce/unified_log_filters/jamf_connect/cloud_idp_authentication_bypass_and_local_user_authentication.yaml#L4C4-L4C4 The output from...
initial upload