JAMFProtect#
README
JAMF Protect Prevent List#
This responder manages JAMF Protect prevent lists by adding or removing hashes as needed.
Setup#
- Navigate to Administrative > Account
- Create a role PreventList-Write with permissions Prevent Lists: Read & Write
- Create an API client and assign the above role
- Use these API credentials in your responders
JAMFProtect_addHashtoPreventList#
Author: nusantara-self, StrangeBee
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.jamf.com/products/jamf-protect/
Description#
Add IOC to JAMF Protect - creates a custom prevent list for a hash
Configuration#
| base_url | JAMF Protect base url |
|---|---|
| Default value if not configured | https://mycompany.protect.jamfcloud.com |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| client_id | JAMF Protect client ID |
|---|---|
| Default value if not configured | __ |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| password | JAMF Protect password |
|---|---|
| Default value if not configured | __ |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
JAMFProtect_removeHashfromPreventList#
Author: nusantara-self, StrangeBee
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.jamf.com/products/jamf-protect/
Description#
Remove IOC on JAMF Protect - removes associated custom prevent list(s) containing the hash
Configuration#
| base_url | JAMF Protect base url |
|---|---|
| Default value if not configured | https://mycompany.protect.jamfcloud.com |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| client_id | JAMF Protect client ID |
|---|---|
| Default value if not configured | __ |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |
| password | JAMF Protect password |
|---|---|
| Default value if not configured | __ |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |