jamfprotect icon indicating copy to clipboard operation
jamfprotect copied to clipboard
verified publisher icon jamf

Add system-wide cron job analytic rule

Open nusantara-self opened this issue 1 year ago • 2 comments

This PR adds an analytic for system-wide cron job changes detection, which is not covered by default analytics in JAMF Protect.

nusantara-self avatar Oct 23 '24 11:10 nusantara-self

Hi @nusantara-self

Thanks for the contribution to this repository, we are going to review the PR as soon as possible. Feel free in meantime to add any screenshots from the captured alerts during your testing here as well.

Cheers, Thijs

txhaflaire avatar Oct 23 '24 11:10 txhaflaire

Hello @txhaflaire,

Thanks a lot! Here's an example screenshot showing what the alert looks like. Without this custom rule, a direct change to /etc/crontab would go unnoticed / would not trigger an alert.

image

Cheers, Fabien

nusantara-self avatar Oct 24 '24 09:10 nusantara-self