From 3de3a82ef46abd92d8b9253a31f6f5e1d48bed8e Mon Sep 17 00:00:00 2001
From: darshan-sumo <darshan.lukhi.ctr@sumologic.com>
Date: Thu, 2 Jan 2025 19:11:52 +0530
Subject: [PATCH 1/9] DOCS-617: Created doc for Jamf App

---
 cid-redirects.json                   |   1 +
 docs/integrations/saas-cloud/jamf.md | 910 +++++++++++++++++++++++++++
 2 files changed, 911 insertions(+)
 create mode 100644 docs/integrations/saas-cloud/jamf.md

diff --git a/cid-redirects.json b/cid-redirects.json
index 5316204735..aebdc5eb56 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -1577,6 +1577,7 @@
   "/cid/10111": "/docs/integrations/app-development/jfrog-xray",
   "/cid/10188": "/docs/integrations/saas-cloud/miro",
   "/cid/10187": "/docs/integrations/saas-cloud/digital-guardian-arc",
+  "/cid/10114": "/docs/integrations/saas-cloud/jamf",
   "/cid/10208": "/docs/integrations/saas-cloud/cisco-meraki-c2c",
   "/cid/10209": "/docs/integrations/security-threat-detection/cisco-meraki",
   "/cid/10210": "/docs/integrations/saas-cloud/proofpoint-tap",
diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
new file mode 100644
index 0000000000..4de7cba917
--- /dev/null
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -0,0 +1,910 @@
+---
+id: jamf
+title: Jamf
+sidebar_label: Jamf
+description: The Sumo Logic App for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/send-data/jamf.png')} alt="jamf" width="85"/>
+
+The Sumo Logic App for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment. It provides real-time monitoring of device inventory, management activities, and security configurations. With pre-built dashboards, the app enables users to track key metrics, such as device compliance, software deployments, command statuses, and security risks. Analysts can quickly identify anomalous behaviors, such as devices with expired certificates, risky geo-locations, or failed management actions, through detailed visualizations. The app also highlights trends in device usage, audit events, and management policy adoption, ensuring seamless tracking of compliance and security metrics. By integrating with Jamf, the app offers a centralized view to detect, investigate, and respond to threats and operational inefficiencies effectively, making it an essential tool for maintaining the integrity of your Jamf-managed environment.
+
+:::info
+This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-jamf-app).
+:::
+
+## Log types
+
+This app uses Sumo Logic’s [Jamf Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source/) to collect the logs from the Jamf platform.
+
+### Sample log message
+
+<details>
+<summary>Computer Inventory Logs</summary>
+
+```json
+{
+  "totalCount": 3,
+  "results": [
+    {
+      "id": "1",
+      "udid": "123",
+      "general": {
+        "name": "Boalime",
+        "lastIpAddress": "247.185.82.186",
+        "lastReportedIp": "247.185.82.186",
+        "jamfBinaryVersion": "9.27",
+        "platform": "Mac",
+        "barcode1": "5 12345 678900",
+        "barcode2": "5 12345 678900",
+        "assetTag": "304822",
+        "remoteManagement": {
+          "managed": true
+        },
+        "supervised": true,
+        "mdmCapable": {
+          "capable": true,
+          "capableUsers": [
+            "admin",
+            "rootadmin"
+          ]
+        },
+        "reportDate": "2018-10-31T18:04:13Z",
+        "lastContactTime": "2018-10-31T18:04:13Z",
+        "lastCloudBackupDate": "2018-10-31T18:04:13Z",
+        "lastEnrolledDate": "2018-10-31T18:04:13Z",
+        "mdmProfileExpiration": "2018-10-31T18:04:13Z",
+        "initialEntryDate": "2018-10-31",
+        "distributionPoint": "distribution point name",
+        "enrollmentMethod": {
+          "id": "1",
+          "objectName": "user@domain.com",
+          "objectType": "User-initiated - no invitation"
+        },
+        "site": {
+          "id": "1",
+          "name": "Eau Claire"
+        },
+        "itunesStoreAccountActive": true,
+        "enrolledViaAutomatedDeviceEnrollment": true,
+        "userApprovedMdm": true,
+        "declarativeDeviceManagementEnabled": true,
+        "extensionAttributes": [
+          {
+            "definitionId": "23",
+            "name": "Some Attribute",
+            "description": "Some Attribute defines how much Foo impacts Bar.",
+            "enabled": true,
+            "multiValue": true,
+            "values": [
+              "foo",
+              "bar"
+            ],
+            "dataType": "STRING",
+            "options": [
+              "foo",
+              "bar"
+            ],
+            "inputType": "TEXT"
+          }
+        ],
+        "managementId": "73226fb6-61df-4c10-9552-eb9bc353d507"
+      },
+      "diskEncryption": {
+        "bootPartitionEncryptionDetails": {
+          "partitionName": "main",
+          "partitionFileVault2State": "VALID",
+          "partitionFileVault2Percent": 100
+        },
+        "individualRecoveryKeyValidityStatus": "VALID",
+        "institutionalRecoveryKeyPresent": true,
+        "diskEncryptionConfigurationName": "Test configuration",
+        "fileVault2Enabled": true,
+        "fileVault2EnabledUserNames": [
+          "admin"
+        ],
+        "fileVault2EligibilityMessage": "Not a boot partition"
+      },
+      "purchasing": {
+        "leased": true,
+        "purchased": true,
+        "poNumber": "53-1",
+        "poDate": "2019-01-01",
+        "vendor": "Example Vendor",
+        "warrantyDate": "2019-01-01",
+        "appleCareId": "abcd",
+        "leaseDate": "2019-01-01",
+        "purchasePrice": "$500",
+        "lifeExpectancy": 5,
+        "purchasingAccount": "admin",
+        "purchasingContact": "true",
+        "extensionAttributes": [
+          {
+            "definitionId": "23",
+            "name": "Some Attribute",
+            "description": "Some Attribute defines how much Foo impacts Bar.",
+            "enabled": true,
+            "multiValue": true,
+            "values": [
+              "foo",
+              "bar"
+            ],
+            "dataType": "STRING",
+            "options": [
+              "foo",
+              "bar"
+            ],
+            "inputType": "TEXT"
+          }
+        ]
+      },
+      "applications": [
+        {
+          "name": "Microsoft Word",
+          "path": "/usr/local/app",
+          "version": "1.0.0",
+          "macAppStore": true,
+          "sizeMegabytes": 25,
+          "bundleId": "1",
+          "updateAvailable": false,
+          "externalVersionId": "1"
+        }
+      ],
+      "storage": {
+        "bootDriveAvailableSpaceMegabytes": 3072,
+        "disks": [
+          {
+            "id": "170",
+            "device": "disk0",
+            "model": "APPLE HDD TOSHIBA MK5065GSXF",
+            "revision": "5",
+            "serialNumber": "a8598f013366",
+            "sizeMegabytes": 262144,
+            "smartStatus": "OK",
+            "type": "false",
+            "partitions": [
+              {
+                "name": "Foo",
+                "sizeMegabytes": 262144,
+                "availableMegabytes": 131072,
+                "partitionType": "BOOT",
+                "percentUsed": 25,
+                "fileVault2State": "VALID",
+                "fileVault2ProgressPercent": 45,
+                "lvmManaged": true
+              }
+            ]
+          }
+        ]
+      },
+      "userAndLocation": {
+        "username": "Madison Anderson",
+        "realname": "13-inch MacBook",
+        "email": "email@com.pl",
+        "position": "IT Team Lead",
+        "phone": "123-456-789",
+        "departmentId": "1",
+        "buildingId": "1",
+        "room": "5",
+        "extensionAttributes": [
+          {
+            "definitionId": "23",
+            "name": "Some Attribute",
+            "description": "Some Attribute defines how much Foo impacts Bar.",
+            "enabled": true,
+            "multiValue": true,
+            "values": [
+              "foo",
+              "bar"
+            ],
+            "dataType": "STRING",
+            "options": [
+              "foo",
+              "bar"
+            ],
+            "inputType": "TEXT"
+          }
+        ]
+      },
+      "configurationProfiles": [
+        {
+          "id": "1",
+          "username": "username",
+          "lastInstalled": "2018-10-31T18:04:13Z",
+          "removable": true,
+          "displayName": "Displayed profile",
+          "profileIdentifier": "0ae590fe-9b30-11ea-bb37-0242ac130002"
+        }
+      ],
+      "printers": [
+        {
+          "name": "My Printer",
+          "type": "XYZ 1122",
+          "uri": "ipp://10.0.0.5",
+          "location": "7th floor"
+        }
+      ],
+      "services": [
+        {
+          "name": "SomeService"
+        }
+      ],
+      "hardware": {
+        "make": "Apple",
+        "model": "13-inch MacBook Pro (Mid 2012)",
+        "modelIdentifier": "MacBookPro9,2",
+        "serialNumber": "C02ZC2QYLVDL",
+        "processorSpeedMhz": 2100,
+        "processorCount": 2,
+        "coreCount": 2,
+        "processorType": "Intel Core i5",
+        "processorArchitecture": "i386",
+        "busSpeedMhz": 2133,
+        "cacheSizeKilobytes": 3072,
+        "networkAdapterType": "Foo",
+        "macAddress": "6A:2C:4B:B7:65:B5",
+        "altNetworkAdapterType": "Bar",
+        "altMacAddress": "82:45:58:44:dc:01",
+        "totalRamMegabytes": 4096,
+        "openRamSlots": 0,
+        "batteryCapacityPercent": 85,
+        "batteryHealth": "UNKNOWN",
+        "smcVersion": "2.2f38",
+        "nicSpeed": "N/A",
+        "opticalDrive": "MATSHITA DVD-R UJ-8A8",
+        "bootRom": "MBP91.00D3.B08",
+        "bleCapable": false,
+        "supportsIosAppInstalls": false,
+        "appleSilicon": false,
+        "extensionAttributes": [
+          {
+            "definitionId": "23",
+            "name": "Some Attribute",
+            "description": "Some Attribute defines how much Foo impacts Bar.",
+            "enabled": true,
+            "multiValue": true,
+            "values": [
+              "foo",
+              "bar"
+            ],
+            "dataType": "STRING",
+            "options": [
+              "foo",
+              "bar"
+            ],
+            "inputType": "TEXT"
+          }
+        ]
+      },
+      "localUserAccounts": [
+        {
+          "uid": "501",
+          "userGuid": "844F1177-0CF5-40C6-901F-38EDD9969C1C",
+          "username": "jamf",
+          "fullName": "John Jamf",
+          "admin": true,
+          "homeDirectory": "/Users/jamf",
+          "homeDirectorySizeMb": 131072,
+          "fileVault2Enabled": true,
+          "userAccountType": "LOCAL",
+          "passwordMinLength": 4,
+          "passwordMaxAge": 5,
+          "passwordMinComplexCharacters": 5,
+          "passwordHistoryDepth": 5,
+          "passwordRequireAlphanumeric": true,
+          "computerAzureActiveDirectoryId": "1",
+          "userAzureActiveDirectoryId": "1",
+          "azureActiveDirectoryId": "ACTIVATED"
+        }
+      ],
+      "certificates": [
+        {
+          "commonName": "jamf.com",
+          "identity": true,
+          "expirationDate": "2030-10-31T18:04:13Z",
+          "username": "test",
+          "lifecycleStatus": "ACTIVE",
+          "certificateStatus": "ISSUED",
+          "subjectName": "CN=jamf.com",
+          "serialNumber": "40f3d9fb",
+          "sha1Fingerprint": "ed361458724d06082b2314acdb82e1f586f085f5",
+          "issuedDate": "2022-05-23T14:54:10Z"
+        }
+      ],
+      "attachments": [
+        {
+          "id": "1",
+          "name": "Attachment.pdf",
+          "fileType": "application/pdf",
+          "sizeBytes": 1024
+        }
+      ],
+      "plugins": [
+        {
+          "name": "plugin name",
+          "version": "1.02",
+          "path": "/Applications/"
+        }
+      ],
+      "packageReceipts": {
+        "installedByJamfPro": [
+          "com.jamf.protect.JamfProtect"
+        ],
+        "installedByInstallerSwu": [
+          "com.apple.pkg.Core"
+        ],
+        "cached": [
+          "com.jamf.protect.JamfProtect"
+        ]
+      },
+      "fonts": [
+        {
+          "name": "font name",
+          "version": "1.02",
+          "path": "/Applications/"
+        }
+      ],
+      "security": {
+        "sipStatus": "ENABLED",
+        "gatekeeperStatus": "APP_STORE_AND_IDENTIFIED_DEVELOPERS",
+        "xprotectVersion": "1.2.3",
+        "autoLoginDisabled": false,
+        "remoteDesktopEnabled": true,
+        "activationLockEnabled": true,
+        "recoveryLockEnabled": true,
+        "firewallEnabled": true,
+        "secureBootLevel": "FULL_SECURITY",
+        "externalBootLevel": "ALLOW_BOOTING_FROM_EXTERNAL_MEDIA",
+        "bootstrapTokenAllowed": true,
+        "bootstrapTokenEscrowedStatus": "ESCROWED",
+        "lastAttestationAttempt": "1970-01-01T00:00:00Z",
+        "lastSuccessfulAttestation": "1970-01-01T00:00:00Z",
+        "attestationStatus": "PENDING"
+      },
+      "operatingSystem": {
+        "name": "Mac OS X",
+        "version": "10.9.5",
+        "build": "13A603",
+        "supplementalBuildVersion": "13A953",
+        "rapidSecurityResponse": "(a)",
+        "activeDirectoryStatus": "Not Bound",
+        "fileVault2Status": "ALL_ENCRYPTED",
+        "softwareUpdateDeviceId": "J132AP",
+        "extensionAttributes": [
+          {
+            "definitionId": "23",
+            "name": "Some Attribute",
+            "description": "Some Attribute defines how much Foo impacts Bar.",
+            "enabled": true,
+            "multiValue": true,
+            "values": [
+              "foo",
+              "bar"
+            ],
+            "dataType": "STRING",
+            "options": [
+              "foo",
+              "bar"
+            ],
+            "inputType": "TEXT"
+          }
+        ]
+      },
+      "licensedSoftware": [
+        {
+          "id": "1",
+          "name": "Microsoft Word"
+        }
+      ],
+      "ibeacons": [
+        {
+          "name": "room A"
+        }
+      ],
+      "softwareUpdates": [
+        {
+          "name": "BEdit",
+          "version": "1.15.2",
+          "packageName": "com.apple.pkg.AdditionalEssentials"
+        }
+      ],
+      "extensionAttributes": [
+        {
+          "definitionId": "23",
+          "name": "Some Attribute",
+          "description": "Some Attribute defines how much Foo impacts Bar.",
+          "enabled": true,
+          "multiValue": true,
+          "values": [
+            "foo",
+            "bar"
+          ],
+          "dataType": "STRING",
+          "options": [
+            "foo",
+            "bar"
+          ],
+          "inputType": "TEXT"
+        }
+      ],
+      "contentCaching": {
+        "computerContentCachingInformationId": "1",
+        "parents": [
+          {
+            "contentCachingParentId": "1",
+            "address": "SomeAddress",
+            "alerts": {
+              "contentCachingParentAlertId": "1",
+              "addresses": [],
+              "className": "SomeClass",
+              "postDate": "2018-10-31T18:04:13Z"
+            },
+            "details": {
+              "contentCachingParentDetailsId": "1",
+              "acPower": true,
+              "cacheSizeBytes": 0,
+              "capabilities": {
+                "contentCachingParentCapabilitiesId": "1",
+                "imports": true,
+                "namespaces": true,
+                "personalContent": true,
+                "queryParameters": true,
+                "sharedContent": true,
+                "prioritization": true
+              },
+              "portable": true,
+              "localNetwork": [
+                {
+                  "contentCachingParentLocalNetworkId": "1",
+                  "speed": 5000,
+                  "wired": true
+                }
+              ]
+            },
+            "guid": "CD1E1291-4AF9-4468-B5D5-0F780C13DB2F",
+            "healthy": true,
+            "port": 0,
+            "version": "1"
+          }
+        ],
+        "alerts": [
+          {
+            "cacheBytesLimit": 0,
+            "className": "SomeClass",
+            "pathPreventingAccess": "/some/path",
+            "postDate": "2018-10-31T18:04:13Z",
+            "reservedVolumeBytes": 0,
+            "resource": "SomeResource"
+          }
+        ],
+        "activated": false,
+        "active": false,
+        "actualCacheBytesUsed": 0,
+        "cacheDetails": [
+          {
+            "computerContentCachingCacheDetailsId": "1",
+            "categoryName": "SomeCategory",
+            "diskSpaceBytesUsed": 0
+          }
+        ],
+        "cacheBytesFree": 23353884672,
+        "cacheBytesLimit": 0,
+        "cacheStatus": "OK",
+        "cacheBytesUsed": 0,
+        "dataMigrationCompleted": false,
+        "dataMigrationProgressPercentage": 0,
+        "dataMigrationError": {
+          "code": 0,
+          "domain": "SomeDomain",
+          "userInfo": [
+            {
+              "key": "foo",
+              "value": "bar"
+            }
+          ]
+        },
+        "maxCachePressureLast1HourPercentage": 0,
+        "personalCacheBytesFree": 23353884672,
+        "personalCacheBytesLimit": 0,
+        "personalCacheBytesUsed": 0,
+        "port": 0,
+        "publicAddress": "SomeAddress",
+        "registrationError": "NOT_ACTIVATED",
+        "registrationResponseCode": 403,
+        "registrationStarted": "2018-10-31T18:04:13Z",
+        "registrationStatus": "CONTENT_CACHING_FAILED",
+        "restrictedMedia": false,
+        "serverGuid": "CD1E1291-4AF9-4468-B5D5-0F780C13DB2F",
+        "startupStatus": "FAILED",
+        "tetheratorStatus": "CONTENT_CACHING_DISABLED",
+        "totalBytesAreSince": "2018-10-31T18:04:13Z",
+        "totalBytesDropped": 0,
+        "totalBytesImported": 0,
+        "totalBytesReturnedToChildren": 0,
+        "totalBytesReturnedToClients": 0,
+        "totalBytesReturnedToPeers": 0,
+        "totalBytesStoredFromOrigin": 0,
+        "totalBytesStoredFromParents": 0,
+        "totalBytesStoredFromPeers": 0
+      },
+      "groupMemberships": [
+        {
+          "groupId": "1",
+          "groupName": "groupOne",
+          "smartGroup": true
+        }
+      ]
+    }
+  ]
+}
+```
+</details>
+
+<details>
+<summary>Computer History Logs</summary>
+
+```json
+{
+  "general": {
+    "id": 1,
+    "name": "Admins MacBook Pro",
+    "udid": "55900BDC-347C-58B1-D249-F32244B11D30",
+    "serial_number": "C02Q7KHTGFWF",
+    "mac_address": "E0:AC:CB:97:36:G4"
+  },
+  "computer_usage_logs": [
+    {
+      "usage_log": {
+        "event": "login",
+        "username": "Admin",
+        "date_time": "2017-07-07T18:37:04.000Z",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500"
+      }
+    }
+  ],
+  "audits": [
+    {
+      "audit": {
+        "event": "Viewed FileVault Encryption Key",
+        "username": "Jamf Pro Admin",
+        "date_time": "2017-07-07T18:37:04.000Z",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500"
+      }
+    }
+  ],
+  "policy_logs": [
+    {
+      "policy_log": {
+        "policy_id": 1,
+        "policy_name": "Update Inventory",
+        "username": "Username",
+        "date_time": "2017-07-07T18:37:04.000Z",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500",
+        "status": "Completed"
+      }
+    }
+  ],
+  "casper_remote_logs": [
+    {
+      "casper_remote_log": {
+        "date_time": "2017-07-07T18:37:04.000Z",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500",
+        "status": "Completed"
+      }
+    }
+  ],
+  "screen_sharing_logs": [
+    {
+      "screen_sharing_log": {
+        "date_time": "2017-07-07T18:37:04.000Z",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500",
+        "status": "Completed",
+        "details": "admin authenticated to screen share with computer at 10.1.1.1"
+      }
+    }
+  ],
+  "casper_imaging_logs": [
+    {
+      "casper_imaging_log": {
+        "date_time": "2017-07-07T18:37:04.000Z",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500",
+        "status": "Completed"
+      }
+    }
+  ],
+  "commands": {
+    "completed": [
+      {
+        "command": {
+          "name": "WiFi Configuration Profile",
+          "completed": "2017/07/07 at 6:37 PM",
+          "completed_epoch": 1499470624555,
+          "completed_utc": "2017-07-07T18:37:04.555-0500",
+          "username": "string"
+        }
+      }
+    ],
+    "pending": [
+      {
+        "command": {
+          "name": "ProfileList",
+          "status": "Pending",
+          "issued": "2017/07/07 at 6:37 PM",
+          "issued_epoch": 1499470624555,
+          "issued_utc": "2017-07-07T18:37:04.555-0500",
+          "last_push": "2017/07/07 at 6:38 PM",
+          "last_push_epoch": 1499470735555,
+          "last_push_utc": "2017-07-07T18:38:55.555-0500",
+          "username": "string"
+        }
+      }
+    ],
+    "failed": [
+      {
+        "command": {
+          "name": "Install Configuration Profile AD Binding",
+          "status": "The Directory Binding Account payload could not be installed",
+          "issued": "2017/07/07 at 6:37 PM",
+          "issued_epoch": 1499470624555,
+          "issued_utc": "2017-07-07T18:37:04.555-0500",
+          "failed": "2017/07/07 at 6:38 PM",
+          "failed_epoch": 1499470735555,
+          "failed_utc": "2017-07-07T18:38:55.555-0500"
+        }
+      }
+    ]
+  },
+  "user_location": [
+    {
+      "location": {
+        "date_time": "2017/07/07 at 6:37 PM",
+        "date_time_epoch": 1499470624555,
+        "date_time_utc": "2017-07-07T18:37:04.555-0500",
+        "username": "Betty.Johnson",
+        "full_name": "Betty Johnson",
+        "email_address": "betty.johnson@company.com",
+        "phone_number": "555-555-5555",
+        "department": "Information Technology",
+        "building": "Block D",
+        "room": 134,
+        "position": "Chief of Everything"
+      }
+    }
+  ],
+  "mac_app_store_applications": {
+    "installed": [
+      {
+        "app": {
+          "name": "Xcode",
+          "version": "8.3.3",
+          "size_mb": 150
+        }
+      }
+    ],
+    "pending": [
+      {
+        "app": {
+          "name": "Xcode",
+          "version": "8.3.2",
+          "deployed": "2 minutes ago",
+          "deployed_epoch": 1499470624555,
+          "deployed_utc": "2018-02-22T16:55:14.000-0600",
+          "last_update": "2 minutes ago",
+          "last_update_epoch": 1499470624555,
+          "last_update_utc": "2018-02-22T16:55:14.000-0600"
+        }
+      }
+    ],
+    "failed": [
+      {
+        "app": {
+          "name": "Xcode",
+          "version": "8.3.2",
+          "status": "Failed",
+          "deployed": "2 minutes ago",
+          "deployed_epoch": 1499470624555,
+          "deployed_utc": "2018-02-22T16:55:14.000-0600",
+          "last_update": "2 minutes ago",
+          "last_update_epoch": 1499470624555,
+          "last_update_utc": "2018-02-22T16:55:14.000-0600"
+        }
+      }
+    ]
+  }
+}
+```
+</details>
+
+<details>
+<summary>Computer Management Logs</summary>
+
+```json
+{
+  "general": {
+    "id": 1,
+    "name": "Steves iMac",
+    "udid": "55900BDC-347C-58B1-D249-F32244B11D30",
+    "serial_number": "C02Q7KHTGFWF",
+    "mac_address": "E0:AC:CB:97:36:G4"
+  },
+  "policies": [
+    {
+      "policy": {
+        "id": 1,
+        "name": "Update Inventory",
+        "trigger": "Self Service, Check-in"
+      }
+    }
+  ],
+  "ebooks": [
+    {
+      "ebook": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ],
+  "mac_app_store_apps": [
+    {
+      "mac_app_store_app": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ],
+  "os_x_configuration_profiles": [
+    {
+      "profile": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ],
+  "restricted_software": [
+    {
+      "software": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ],
+  "smart_groups": [
+    {
+      "group": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ],
+  "static_groups": [
+    {
+      "group": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ],
+  "patch_reporting_software_titles": [
+    {
+      "title": {
+        "name": "Google Chrome",
+        "latest_version": "64.0.3282.119",
+        "installed_version": "63.0.3239.132"
+      }
+    }
+  ],
+  "patch_policies": [
+    {
+      "patch_policy": {
+        "id": 1,
+        "name": "string"
+      }
+    }
+  ]
+}
+```
+</details>
+
+### Sample queries
+
+```sql title="Active Devices over Time"
+_sourceCategory="Labs/Jamf" !computer_history !computer_management
+| parse regex "^\{\s*\"id\"\s*:\s*\"(?<device_id>\d+)\",.*" nodrop
+| parse regex ".*\"platform\"\s*:\s*\"(?<platform>[^,]+)\",.*" nodrop
+| parse regex ".*\"lastContactTime\"\s*:\s*\"(?<time>[^,]+)\",.*" nodrop
+
+// global filters
+| where platform matches "{{platform}}"
+
+| parseDate(time, "yyyy-MM-dd'T'HH:mm:ss.SSS") as _timeslice 
+| timeslice 1d
+| count by device_id, _timeslice
+| count as frequency by _timeslice
+| fillmissing timeslice
+```
+
+```sql title="Most Installed Applications"
+_sourceCategory="Labs/Jamf" computer_history
+| json "computer_history.general.id", "computer_history.general.name", "computer_history.general.mac_address", "computer_history.general.serial_number", "computer_history.mac_app_store_applications.installed[*]" as device_id, device_name, mac_address, serial_number, installed_apps nodrop
+| where !(installed_apps matches "[]")
+| extract field=installed_apps "(?<apps>\{[^}]*\})" multi
+| json field=apps "name" as name nodrop
+| count by name, device_id
+| count as frequency by name
+| sort by frequency, name
+```
+
+```sql title="Unique Configured OS Profiles"
+_sourceCategory="Labs/Jamf" computer_management
+| json "computer_management.general.id", "computer_management.general.name", "computer_management.general.mac_address", "computer_management.general.serial_number", "computer_management.os_x_configuration_profiles[*]" as device_id, device_name, mac_address, serial_number, os_configured_profiles nodrop
+| where !(os_configured_profiles matches "[]")
+| extract field=os_configured_profiles "(?<os_configured_profiles_logs>\{[^}]*\})" multi
+| json field=os_configured_profiles_logs "name" as profile_name nodrop
+| count by profile_name
+| count as frequency
+```
+
+## Set up collection
+
+Follow the instructions provided to set up [Cloud-to-Cloud Integration for Jamf Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Jamf app is properly integrated and configured to collect and analyze your Jamf data.
+
+## Installing the Jamf app
+
+import AppInstall2 from '../../reuse/apps/app-install-v2.md';
+
+<AppInstall2/>
+
+## Viewing Jamf dashboards
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+<ViewDashboards/>
+
+### Jamf - Inventory Overview
+
+The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of your organization's device inventory and their compliance status. It tracks metrics such as total devices, supervised devices, and those with declarative device management enabled. Key security insights include identifying devices with expired certificates, disabled firewalls, and risky geo-locations. The dashboard also provides detailed breakdowns by platform, management status, and geo-locations. Additional panels display disk encryption, security configurations, and device hardware/software details, enabling IT administrators to maintain robust security standards and operational efficiency across the fleet. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf - Inventory Overview" style={{border: '1px solid gray'}} width="800" />
+
+### Jamf - Activity Overview
+
+The **Jamf - Activity Overview** dashboard focuses on monitoring operational activities and device commands within your Jamf environment. It tracks the total number of completed, pending, and failed commands and application deployments. The dashboard provides visibility into key events like audit logs, Casper Remote and Imaging statuses, and policy execution. Screen sharing and login activities are visualized over time to identify unusual patterns. Recent audit and policy events are highlighted to ensure timely responses to potential issues. This dashboard is crucial for identifying inefficiencies, troubleshooting failures, and ensuring smooth device management. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Activity-Overview.png')} alt="Jamf - Activity Overview" style={{border: '1px solid gray'}} width="800" />
+
+### Jamf - Management Overview
+
+The **Jamf - Management Overview** dashboard offers insights into the management policies and configurations within your Jamf environment. It highlights the top apps, eBooks, restricted software, and patch policies to understand their adoption and impact. Panels display metrics on applications and OS configuration profiles by devices, providing a detailed view of policy distribution. Additionally, it offers information on management policy details and patch reporting for software. This dashboard enables administrators to ensure consistent policy enforcement, track usage trends, and maintain an optimized and secure managed environment. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Management-Overview.png')} alt="Jamf - Management Overview" style={{border: '1px solid gray'}} width="800" />
+ 
+## Create monitors for Jamf app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### Jamf monitors
+
+| Name | Description | Alert Condition | Recover Condition |
+|:--|:--|:--|:--|
+| `Jamf - Devices from Embargoed Locations` | Identifies devices accessing the network from high-risk geo-locations. Helps investigate and mitigate potential unauthorized or suspicious activities. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - FileVault Disabled` | Tracks devices with FileVault disabled, identifying potential risks to data encryption and compliance. Ensures devices meet security standards to protect sensitive information. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Firewall Disabled` | Monitors devices with disabled firewalls, exposing them to network threats. Ensures adherence to organizational policies for network security. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Inactive Devices from 30 Days` | Tracks devices that have been inactive for 30 days, identifying potential unused assets. Helps ensure device inventory is current and actively managed. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Outdated Devices from 30 Days` | Identifies devices running outdated software or OS for over 30 days. Supports timely updates to maintain security and compatibility. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - System Integrity Protection (SIP) Status Disabled` | Detects devices with SIP disabled, highlighting security vulnerabilities. Helps maintain system integrity by enforcing critical macOS protection features. | Count `>` 0 | Count `<=` 0 |
+
+## Upgrade/Downgrade the Jamf app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the Jamf app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>
\ No newline at end of file

From bd130807e2d6ccd4830d0f39010e8e2364f55810 Mon Sep 17 00:00:00 2001
From: John Pipkin <jpipkin@sumologic.com>
Date: Thu, 2 Jan 2025 10:15:07 -0600
Subject: [PATCH 2/9] Add Jamf app to left nav

---
 docs/integrations/product-list/product-list-a-l.md | 2 +-
 docs/integrations/saas-cloud/index.md              | 6 ++++++
 docs/integrations/saas-cloud/jamf.md               | 2 +-
 sidebars.ts                                        | 1 +
 4 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/docs/integrations/product-list/product-list-a-l.md b/docs/integrations/product-list/product-list-a-l.md
index dea574d2ed..f757efdcc2 100644
--- a/docs/integrations/product-list/product-list-a-l.md
+++ b/docs/integrations/product-list/product-list-a-l.md
@@ -300,7 +300,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 
 | Logo | Vendors and Products | Integrations |
 | :-- | :-- | :-- |
-|  <img src={useBaseUrl('img/integrations/misc/jamf-logo.png')} alt="Thumbnail icon" width="50"/>   | [Jamf](https://www.jamf.com/)  | Automation integration: [Jamf](/docs/platform-services/automation-service/app-central/integrations/jamf/) <br/>Cloud SIEM integration: [Jamf](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/3fe48850-f882-43c3-ab80-1e0354cf2aba.md) <br/>Community app: [Sumo Logic for JAMF](https://github.com/SumoLogic/sumologic-content/tree/master/JAMF) <br/>Partner integration: [Jamf Protect App for Sumo Logic](https://github.com/SumoLogic/sumologic-public-partner-apps/tree/master/JamfProtect) <br/>Collector: [Jamf Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source) |
+|  <img src={useBaseUrl('img/integrations/misc/jamf-logo.png')} alt="Thumbnail icon" width="50"/>   | [Jamf](https://www.jamf.com/)  | App: [Jamf](/docs/integrations/saas-cloud/jamf)<br/>Automation integration: [Jamf](/docs/platform-services/automation-service/app-central/integrations/jamf/) <br/>Cloud SIEM integration: [Jamf](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/3fe48850-f882-43c3-ab80-1e0354cf2aba.md) <br/>Community app: [Sumo Logic for JAMF](https://github.com/SumoLogic/sumologic-content/tree/master/JAMF) <br/>Partner integration: [Jamf Protect App for Sumo Logic](https://github.com/SumoLogic/sumologic-public-partner-apps/tree/master/JamfProtect) <br/>Collector: [Jamf Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source) |
 |  <img src={useBaseUrl('img/integrations/app-development/jenkins.png')} alt="Thumbnail icon" width="50"/>   | [Jenkins](https://www.jenkins.io/)  | App: [Jenkins](/docs/integrations/app-development/jenkins/)	 |
 |  <img src={useBaseUrl('img/integrations/app-development/jfrog-Artifactory.png')} alt="Thumbnail icon" width="75"/>   | [JFrog Artifactory](https://jfrog.com/artifactory/)  | Apps:	<br/>- [Artifactory	(6 and 7) - Classic](/docs/integrations/app-development/jfrog-artifactory/) <br/>- [Artifactory - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry/) |
 |  <img src={useBaseUrl('img/integrations/app-development/jfrog-xray.png')} alt="Thumbnail icon" width="50"/>   | [JFrog Xray](https://jfrog.com/help/r/get-started-with-the-jfrog-platform/jfrog-xray)  | 	App: [JFrog Xray](/docs/integrations/app-development/jfrog-xray/) <br/>Collector: [JFrog Xray Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jfrog-xray-source/) |
diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md
index f1096fc25b..3a19db3d35 100644
--- a/docs/integrations/saas-cloud/index.md
+++ b/docs/integrations/saas-cloud/index.md
@@ -165,6 +165,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
   <p>Gain visibility into your Istio and control plane component performance.</p>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href="/docs/integrations/saas-cloud/jamf"><img src={useBaseUrl('img/send-data/jamf.png')} alt="icon" width="100"/><h4>Jamf</h4></a>
+  <p>Get critical insights into your organization's Jamf environment.</p>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href="/docs/integrations/saas-cloud/kandji"><img src={useBaseUrl('img/send-data/kandji-logo.png')} alt="icon" width="100" /><h4>Kandji</h4></a>
diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index 4de7cba917..4356755037 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -12,7 +12,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 The Sumo Logic App for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment. It provides real-time monitoring of device inventory, management activities, and security configurations. With pre-built dashboards, the app enables users to track key metrics, such as device compliance, software deployments, command statuses, and security risks. Analysts can quickly identify anomalous behaviors, such as devices with expired certificates, risky geo-locations, or failed management actions, through detailed visualizations. The app also highlights trends in device usage, audit events, and management policy adoption, ensuring seamless tracking of compliance and security metrics. By integrating with Jamf, the app offers a centralized view to detect, investigate, and respond to threats and operational inefficiencies effectively, making it an essential tool for maintaining the integrity of your Jamf-managed environment.
 
 :::info
-This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-jamf-app).
+This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to [Create monitors for Jamf app](#create-monitors-for-jamf-app).
 :::
 
 ## Log types
diff --git a/sidebars.ts b/sidebars.ts
index b9d2548ef2..e8f27856f1 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -2462,6 +2462,7 @@ integrations: [
           'integrations/saas-cloud/fastly',
           'integrations/saas-cloud/gmail-tracelogs',
           'integrations/saas-cloud/istio',
+          'integrations/saas-cloud/jamf',
           'integrations/saas-cloud/kandji',
           'integrations/saas-cloud/knowbe4',
           'integrations/saas-cloud/lastpass',

From 8be05a470f5015e5f453f979512eb4e9fb844582 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 3 Jan 2025 12:41:59 +0530
Subject: [PATCH 3/9] content update

---
 docs/integrations/saas-cloud/jamf.md | 38 +++++++++++++++-------------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index 4356755037..2c927b3da2 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -2,24 +2,26 @@
 id: jamf
 title: Jamf
 sidebar_label: Jamf
-description: The Sumo Logic App for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment.
+description: The Sumo Logic app for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment.
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('img/send-data/jamf.png')} alt="jamf" width="85"/>
 
-The Sumo Logic App for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment. It provides real-time monitoring of device inventory, management activities, and security configurations. With pre-built dashboards, the app enables users to track key metrics, such as device compliance, software deployments, command statuses, and security risks. Analysts can quickly identify anomalous behaviors, such as devices with expired certificates, risky geo-locations, or failed management actions, through detailed visualizations. The app also highlights trends in device usage, audit events, and management policy adoption, ensuring seamless tracking of compliance and security metrics. By integrating with Jamf, the app offers a centralized view to detect, investigate, and respond to threats and operational inefficiencies effectively, making it an essential tool for maintaining the integrity of your Jamf-managed environment.
+The Sumo Logic app for Jamf empowers IT administrators and security analysts with critical insights into their organization's Jamf environment. It monitors device inventory, management activities, and security configurations. With pre-built dashboards, the app enables users to track key metrics, such as device compliance, software deployments, command statuses, and security risks. Analysts can quickly identify anomalous behaviors, such as devices with expired certificates, risky geo-locations, or failed management actions, through detailed visualizations. 
+
+The app also highlights trends in device usage, audit events, and management policy adoption, ensuring seamless tracking of compliance and security metrics. By integrating with Jamf, the app offers a centralized view to detect, investigate, and respond effectively to threats and operational inefficiencies, making it an essential tool for maintaining the integrity of your Jamf managed environment.
 
 :::info
-This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to [Create monitors for Jamf app](#create-monitors-for-jamf-app).
+This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-jamf-app).
 :::
 
 ## Log types
 
 This app uses Sumo Logic’s [Jamf Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/jamf-source/) to collect the logs from the Jamf platform.
 
-### Sample log message
+### Sample log messages
 
 <details>
 <summary>Computer Inventory Logs</summary>
@@ -862,25 +864,25 @@ import AppInstall2 from '../../reuse/apps/app-install-v2.md';
 
 <AppInstall2/>
 
-## Viewing Jamf dashboards
+## Viewing the Jamf dashboards
 
 import ViewDashboards from '../../reuse/apps/view-dashboards.md';
 
 <ViewDashboards/>
 
-### Jamf - Inventory Overview
+### Inventory Overview
 
-The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of your organization's device inventory and their compliance status. It tracks metrics such as total devices, supervised devices, and those with declarative device management enabled. Key security insights include identifying devices with expired certificates, disabled firewalls, and risky geo-locations. The dashboard also provides detailed breakdowns by platform, management status, and geo-locations. Additional panels display disk encryption, security configurations, and device hardware/software details, enabling IT administrators to maintain robust security standards and operational efficiency across the fleet. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf - Inventory Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of your organization's device inventory and their compliance status. It tracks metrics such as total devices, supervised devices, and those with declarative device management enabled. Key security insights include identifying devices with expired certificates, disabled firewalls, and risky geo-locations. The dashboard also provides detailed breakdowns by platform, management status, and geo-locations. Additional panels display disk encryption, security configurations, and device hardware/software details, enabling IT administrators to maintain robust security standards and operational efficiency across the fleet. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
 
-### Jamf - Activity Overview
+### Activity Overview
 
-The **Jamf - Activity Overview** dashboard focuses on monitoring operational activities and device commands within your Jamf environment. It tracks the total number of completed, pending, and failed commands and application deployments. The dashboard provides visibility into key events like audit logs, Casper Remote and Imaging statuses, and policy execution. Screen sharing and login activities are visualized over time to identify unusual patterns. Recent audit and policy events are highlighted to ensure timely responses to potential issues. This dashboard is crucial for identifying inefficiencies, troubleshooting failures, and ensuring smooth device management. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Activity-Overview.png')} alt="Jamf - Activity Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Activity Overview** dashboard focuses on monitoring operational activities and device commands within your Jamf environment. It tracks the total number of completed, pending, and failed commands and application deployments. The dashboard provides visibility into key events like audit logs, Casper Remote and Imaging statuses, and policy execution. Screen sharing and login activities are visualized over time to identify unusual patterns. Recent audit and policy events are highlighted to ensure timely responses to potential issues. This dashboard is crucial for identifying inefficiencies, troubleshooting failures, and ensuring smooth device management. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Activity-Overview.png')} alt="Jamf-Activity Overview" style={{border: '1px solid gray'}} width="800" />
 
-### Jamf - Management Overview
+### Management Overview
 
-The **Jamf - Management Overview** dashboard offers insights into the management policies and configurations within your Jamf environment. It highlights the top apps, eBooks, restricted software, and patch policies to understand their adoption and impact. Panels display metrics on applications and OS configuration profiles by devices, providing a detailed view of policy distribution. Additionally, it offers information on management policy details and patch reporting for software. This dashboard enables administrators to ensure consistent policy enforcement, track usage trends, and maintain an optimized and secure managed environment. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Management-Overview.png')} alt="Jamf - Management Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Management Overview** dashboard offers insights into the management policies and configurations within your Jamf environment. It highlights the top apps, eBooks, restricted software, and patch policies to understand their adoption and impact. Panels display metrics on applications and OS configuration profiles by devices, providing a detailed view of policy distribution. Additionally, it offers information on management policy details and patch reporting for software. This dashboard enables administrators to ensure consistent policy enforcement, track usage trends, and maintain an optimized and secure managed environment. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Management-Overview.png')} alt="Jamf-Management Overview" style={{border: '1px solid gray'}} width="800" />
  
-## Create monitors for Jamf app
+## Create monitors for the Jamf app
 
 import CreateMonitors from '../../reuse/apps/create-monitors.md';
 
@@ -890,12 +892,12 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
 
 | Name | Description | Alert Condition | Recover Condition |
 |:--|:--|:--|:--|
-| `Jamf - Devices from Embargoed Locations` | Identifies devices accessing the network from high-risk geo-locations. Helps investigate and mitigate potential unauthorized or suspicious activities. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - FileVault Disabled` | Tracks devices with FileVault disabled, identifying potential risks to data encryption and compliance. Ensures devices meet security standards to protect sensitive information. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Firewall Disabled` | Monitors devices with disabled firewalls, exposing them to network threats. Ensures adherence to organizational policies for network security. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Inactive Devices from 30 Days` | Tracks devices that have been inactive for 30 days, identifying potential unused assets. Helps ensure device inventory is current and actively managed. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Outdated Devices from 30 Days` | Identifies devices running outdated software or OS for over 30 days. Supports timely updates to maintain security and compatibility. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - System Integrity Protection (SIP) Status Disabled` | Detects devices with SIP disabled, highlighting security vulnerabilities. Helps maintain system integrity by enforcing critical macOS protection features. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Devices from Embargoed Locations` | This alert is triggered if devices accessing the network from high-risk geo-locations are identified. Helps investigate and mitigate potential unauthorized or suspicious activities. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - FileVault Disabled` | This alert is triggered if devices with FileVault disabled are identified, identifying potential risks to data encryption and compliance. Ensures devices meet security standards to protect sensitive information. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Firewall Disabled` | This alert is triggered if devices with disabled firewalls are identified, exposing them to network threats. Ensures adherence to organizational policies for network security. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Inactive Devices from 30 Days` | This alert is triggered if devices are inactive for 30 days, identifying potential unused assets. Helps ensure device inventory is current and actively managed. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Outdated Devices from 30 Days` | This alert is triggered if devices are running with outdated software or OS for over 30 days. Supports timely updates to maintain security and compatibility. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - System Integrity Protection (SIP) Status Disabled` | This alert is triggered if devices with SIP disabled are detected, highlighting security vulnerabilities. Helps maintain system integrity by enforcing critical macOS protection features. | Count `>` 0 | Count `<=` 0 |
 
 ## Upgrade/Downgrade the Jamf app (Optional)
 

From 04aad5d6e4ce081b45a9e18cd0c95a17950c1ade Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 3 Jan 2025 12:46:16 +0530
Subject: [PATCH 4/9] minor fix

---
 docs/integrations/saas-cloud/jamf.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index 2c927b3da2..20a409fcc7 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -872,7 +872,7 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
 
 ### Inventory Overview
 
-The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of your organization's device inventory and their compliance status. It tracks metrics such as total devices, supervised devices, and those with declarative device management enabled. Key security insights include identifying devices with expired certificates, disabled firewalls, and risky geo-locations. The dashboard also provides detailed breakdowns by platform, management status, and geo-locations. Additional panels display disk encryption, security configurations, and device hardware/software details, enabling IT administrators to maintain robust security standards and operational efficiency across the fleet. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of your organization's device inventory and its compliance status. It tracks metrics such as total devices, supervised devices, and those with declarative device management enabled. Key security insights include identifying devices with expired certificates, disabled firewalls, and risky geo-locations. The dashboard also provides detailed breakdowns by platform, management status, and geo-locations. Additional panels display disk encryption, security configurations, and device hardware/software details, enabling IT administrators to maintain robust security standards and operational efficiency across the fleet. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
 
 ### Activity Overview
 

From 0ee22979c6beadc13ede87adfa2d49ca5886861a Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 3 Jan 2025 13:06:35 +0530
Subject: [PATCH 5/9] release note added

---
 blog-service/2025-01-05-apps.md      | 14 ++++++++++++++
 docs/integrations/saas-cloud/jamf.md |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 blog-service/2025-01-05-apps.md

diff --git a/blog-service/2025-01-05-apps.md b/blog-service/2025-01-05-apps.md
new file mode 100644
index 0000000000..40aeaa34b6
--- /dev/null
+++ b/blog-service/2025-01-05-apps.md
@@ -0,0 +1,14 @@
+---
+title: Jamf (Apps)
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - jamf
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce the new Jamf app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Jamf source that collects inventory data from the Jamf platform. This app helps security analysts with critical insights into their organization's Jamf environment. [Learn more](/docs/integrations/saas-cloud/jamf/).
\ No newline at end of file
diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index 20a409fcc7..85070f1ff7 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -14,7 +14,7 @@ The Sumo Logic app for Jamf empowers IT administrators and security analysts wit
 The app also highlights trends in device usage, audit events, and management policy adoption, ensuring seamless tracking of compliance and security metrics. By integrating with Jamf, the app offers a centralized view to detect, investigate, and respond effectively to threats and operational inefficiencies, making it an essential tool for maintaining the integrity of your Jamf managed environment.
 
 :::info
-This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-jamf-app).
+This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-the-jamf-app).
 :::
 
 ## Log types

From a64a24aa56df69cd5a6ec55d864392e82779c6c3 Mon Sep 17 00:00:00 2001
From: darshan-sumo <darshan.lukhi.ctr@sumologic.com>
Date: Fri, 10 Jan 2025 13:10:42 +0530
Subject: [PATCH 6/9] DOCS-617: Updated queries, monitors and dashboard desc

---
 docs/integrations/saas-cloud/jamf.md | 63 ++++++++++++++++------------
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index 85070f1ff7..a275f0865a 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -2,16 +2,14 @@
 id: jamf
 title: Jamf
 sidebar_label: Jamf
-description: The Sumo Logic app for Jamf is designed to empower IT administrators and security analysts with critical insights into their organization's Jamf environment.
+description: The Sumo Logic App for Jamf provides IT and security analysts with comprehensive visibility into their organization's Jamf-managed Apple device environment.
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('img/send-data/jamf.png')} alt="jamf" width="85"/>
 
-The Sumo Logic app for Jamf empowers IT administrators and security analysts with critical insights into their organization's Jamf environment. It monitors device inventory, management activities, and security configurations. With pre-built dashboards, the app enables users to track key metrics, such as device compliance, software deployments, command statuses, and security risks. Analysts can quickly identify anomalous behaviors, such as devices with expired certificates, risky geo-locations, or failed management actions, through detailed visualizations. 
-
-The app also highlights trends in device usage, audit events, and management policy adoption, ensuring seamless tracking of compliance and security metrics. By integrating with Jamf, the app offers a centralized view to detect, investigate, and respond effectively to threats and operational inefficiencies, making it an essential tool for maintaining the integrity of your Jamf managed environment.
+The Sumo Logic App for Jamf provides IT and security analysts with comprehensive visibility into their organization's Jamf-managed Apple device environment. This app facilitates real-time monitoring of inventory, activity, and management-related metrics across devices. It tracks key security and compliance indicators such as supervised devices, unencrypted disks, expired certificates, and software vulnerabilities. With its powerful dashboards, analysts can identify and address potential risks like unapproved software, failed policies, or devices with harmful applications. The app offers detailed visualizations of device statuses, geographic trends, and audit events, enabling efficient detection and investigation of anomalies. By integrating seamlessly with Jamf, this app empowers organizations to enforce security policies, ensure compliance, and maintain an optimized device fleet.
 
 :::info
 This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-the-jamf-app).
@@ -817,41 +815,51 @@ This app uses Sumo Logic’s [Jamf Source](/docs/send-data/hosted-collectors/clo
 
 ### Sample queries
 
-```sql title="Active Devices over Time"
+```sql title="Total Devices"
 _sourceCategory="Labs/Jamf" !computer_history !computer_management
 | parse regex "^\{\s*\"id\"\s*:\s*\"(?<device_id>\d+)\",.*" nodrop
 | parse regex ".*\"platform\"\s*:\s*\"(?<platform>[^,]+)\",.*" nodrop
-| parse regex ".*\"lastContactTime\"\s*:\s*\"(?<time>[^,]+)\",.*" nodrop
 
 // global filters
 | where platform matches "{{platform}}"
+| where device_id matches "{{device_id}}"
 
-| parseDate(time, "yyyy-MM-dd'T'HH:mm:ss.SSS") as _timeslice 
-| timeslice 1d
-| count by device_id, _timeslice
-| count as frequency by _timeslice
-| fillmissing timeslice
+| count by device_id
+| count as num_devices
 ```
 
-```sql title="Most Installed Applications"
+```sql title="Top 10 Installed Applications"
 _sourceCategory="Labs/Jamf" computer_history
 | json "computer_history.general.id", "computer_history.general.name", "computer_history.general.mac_address", "computer_history.general.serial_number", "computer_history.mac_app_store_applications.installed[*]" as device_id, device_name, mac_address, serial_number, installed_apps nodrop
 | where !(installed_apps matches "[]")
-| extract field=installed_apps "(?<apps>\{[^}]*\})" multi
+
+// global filters
+| where device_id matches "{{device_id}}"
+
+| parse regex field=installed_apps "(?<apps>\{[^}]*\})" multi
 | json field=apps "name" as name nodrop
+
 | count by name, device_id
-| count as frequency by name
-| sort by frequency, name
+| count as num_devices by name
+| top 10 name by num_devices
+| sort by num_devices, name
 ```
 
 ```sql title="Unique Configured OS Profiles"
 _sourceCategory="Labs/Jamf" computer_management
 | json "computer_management.general.id", "computer_management.general.name", "computer_management.general.mac_address", "computer_management.general.serial_number", "computer_management.os_x_configuration_profiles[*]" as device_id, device_name, mac_address, serial_number, os_configured_profiles nodrop
 | where !(os_configured_profiles matches "[]")
-| extract field=os_configured_profiles "(?<os_configured_profiles_logs>\{[^}]*\})" multi
+
+// global filters
+| where device_id matches "{{device_id}}"
+
+| first(os_configured_profiles) as latest_os_configured_profiles by device_id
+
+| parse regex field=latest_os_configured_profiles "(?<os_configured_profiles_logs>\{[^}]*\})" multi
 | json field=os_configured_profiles_logs "name" as profile_name nodrop
+
 | count by profile_name
-| count as frequency
+| count as num_profiles
 ```
 
 ## Set up collection
@@ -872,15 +880,15 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
 
 ### Inventory Overview
 
-The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of your organization's device inventory and its compliance status. It tracks metrics such as total devices, supervised devices, and those with declarative device management enabled. Key security insights include identifying devices with expired certificates, disabled firewalls, and risky geo-locations. The dashboard also provides detailed breakdowns by platform, management status, and geo-locations. Additional panels display disk encryption, security configurations, and device hardware/software details, enabling IT administrators to maintain robust security standards and operational efficiency across the fleet. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of the organization's Apple device inventory. It tracks total devices, their management statuses, and critical security metrics like unencrypted disks, expired certificates, and devices with firewall off. Analysts can visualize device distribution by platform, monitor geolocation trends, and detect vulnerable or embargoed devices. The dashboard highlights devices with expiring certificates, recently enrolled configurations, and unencrypted disks, offering actionable insights to maintain security and compliance. Additionally, it tracks the top OS versions, licensed software, and recent software updates to ensure devices stay up-to-date and secure. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
 
 ### Activity Overview
 
-The **Jamf - Activity Overview** dashboard focuses on monitoring operational activities and device commands within your Jamf environment. It tracks the total number of completed, pending, and failed commands and application deployments. The dashboard provides visibility into key events like audit logs, Casper Remote and Imaging statuses, and policy execution. Screen sharing and login activities are visualized over time to identify unusual patterns. Recent audit and policy events are highlighted to ensure timely responses to potential issues. This dashboard is crucial for identifying inefficiencies, troubleshooting failures, and ensuring smooth device management. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Activity-Overview.png')} alt="Jamf-Activity Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Activity Overview** dashboard focuses on monitoring command and application statuses, policy executions, and user activity. It highlights the top completed, pending, and failed commands, as well as devices with frequent command or application failures. Analysts can explore trends in policy failures over time, identify devices with problematic screen-sharing events, and monitor Casper Remote and Imaging events. This dashboard provides critical insights into operational issues, enabling timely resolution of failed policies, commands, and application installations to ensure seamless device management. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Activity-Overview.png')} alt="Jamf-Activity Overview" style={{border: '1px solid gray'}} width="800" />
 
 ### Management Overview
 
-The **Jamf - Management Overview** dashboard offers insights into the management policies and configurations within your Jamf environment. It highlights the top apps, eBooks, restricted software, and patch policies to understand their adoption and impact. Panels display metrics on applications and OS configuration profiles by devices, providing a detailed view of policy distribution. Additionally, it offers information on management policy details and patch reporting for software. This dashboard enables administrators to ensure consistent policy enforcement, track usage trends, and maintain an optimized and secure managed environment. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Management-Overview.png')} alt="Jamf-Management Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Management Overview** dashboard delivers an in-depth view of management configurations across the organization's device fleet. It tracks unique configured OS profiles, policies, restricted software, and harmful applications. Analysts can identify devices running outdated software versions or those impacted by harmful profiles or applications. The dashboard also provides a detailed breakdown of management policies, top apps, and OS configuration profiles, ensuring that administrators maintain an optimized and secure management environment. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Management-Overview.png')} alt="Jamf-Management Overview" style={{border: '1px solid gray'}} width="800" />
  
 ## Create monitors for the Jamf app
 
@@ -892,12 +900,15 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
 
 | Name | Description | Alert Condition | Recover Condition |
 |:--|:--|:--|:--|
-| `Jamf - Devices from Embargoed Locations` | This alert is triggered if devices accessing the network from high-risk geo-locations are identified. Helps investigate and mitigate potential unauthorized or suspicious activities. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - FileVault Disabled` | This alert is triggered if devices with FileVault disabled are identified, identifying potential risks to data encryption and compliance. Ensures devices meet security standards to protect sensitive information. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Firewall Disabled` | This alert is triggered if devices with disabled firewalls are identified, exposing them to network threats. Ensures adherence to organizational policies for network security. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Inactive Devices from 30 Days` | This alert is triggered if devices are inactive for 30 days, identifying potential unused assets. Helps ensure device inventory is current and actively managed. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Outdated Devices from 30 Days` | This alert is triggered if devices are running with outdated software or OS for over 30 days. Supports timely updates to maintain security and compatibility. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - System Integrity Protection (SIP) Status Disabled` | This alert is triggered if devices with SIP disabled are detected, highlighting security vulnerabilities. Helps maintain system integrity by enforcing critical macOS protection features. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Devices from Embargoed Locations` | Monitors devices accessed from high-risk geographic locations, enabling analysts to detect and investigate potential security threats. This monitor helps track unusual or suspicious device usage patterns and ensures compliance with geolocation-based security policies. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Devices with 0 security score` | Tracks devices with no assigned security score, highlighting unmanaged or non-compliant devices. This monitor ensures analysts can identify and prioritize addressing security gaps in the organization’s fleet. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - FileVault Disabled` | Identifies devices where FileVault encryption is disabled, posing a risk of data theft. This monitor ensures that disk encryption policies are enforced to protect sensitive organizational data. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Firewall Disabled` | Detects devices with the firewall turned off, exposing them to network-based threats. This monitor helps enforce network security policies and minimizes the risk of unauthorized access. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - High Command Failures` | Highlights devices with repeated command execution failures, signaling possible operational issues. This monitor allows timely investigation and resolution of command failures to maintain device functionality. | Count `>` 50 | Count `<=` 50 |
+| `Jamf - High Policy Failures` | Monitors devices experiencing frequent policy application failures, which may lead to compliance risks. This monitor ensures that all devices adhere to organizational security and management policies. | Count `>` 50 | Count `<=` 50 |
+| `Jamf - Inactive Devices from 30 Days` | Identifies devices that have been inactive for over 30 days, signaling potential operational inefficiencies or security concerns. This monitor helps organizations track and optimize device utilization. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Outdated Devices from 30 Days` | Tracks devices running outdated software or configurations for over 30 days, increasing vulnerability risks. This monitor ensures timely updates and adherence to security standards. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - System Integrity Protection (SIP) Status Disabled` | Detects devices with SIP disabled, compromising macOS security features. This monitor ensures SIP remains enabled to safeguard devices from unauthorized modifications and vulnerabilities. | Count `>` 0 | Count `<=` 0 |
 
 ## Upgrade/Downgrade the Jamf app (Optional)
 

From 2b1400b1161eba908da095a66dcc060e803e9662 Mon Sep 17 00:00:00 2001
From: darshan-sumo <darshan.lukhi.ctr@sumologic.com>
Date: Fri, 10 Jan 2025 15:58:51 +0530
Subject: [PATCH 7/9] DOCS-617: Updated content for monitors

---
 docs/integrations/saas-cloud/jamf.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index a275f0865a..c5321a1d66 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -900,15 +900,15 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
 
 | Name | Description | Alert Condition | Recover Condition |
 |:--|:--|:--|:--|
-| `Jamf - Devices from Embargoed Locations` | Monitors devices accessed from high-risk geographic locations, enabling analysts to detect and investigate potential security threats. This monitor helps track unusual or suspicious device usage patterns and ensures compliance with geolocation-based security policies. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Devices with 0 security score` | Tracks devices with no assigned security score, highlighting unmanaged or non-compliant devices. This monitor ensures analysts can identify and prioritize addressing security gaps in the organization’s fleet. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - FileVault Disabled` | Identifies devices where FileVault encryption is disabled, posing a risk of data theft. This monitor ensures that disk encryption policies are enforced to protect sensitive organizational data. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Firewall Disabled` | Detects devices with the firewall turned off, exposing them to network-based threats. This monitor helps enforce network security policies and minimizes the risk of unauthorized access. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - High Command Failures` | Highlights devices with repeated command execution failures, signaling possible operational issues. This monitor allows timely investigation and resolution of command failures to maintain device functionality. | Count `>` 50 | Count `<=` 50 |
-| `Jamf - High Policy Failures` | Monitors devices experiencing frequent policy application failures, which may lead to compliance risks. This monitor ensures that all devices adhere to organizational security and management policies. | Count `>` 50 | Count `<=` 50 |
-| `Jamf - Inactive Devices from 30 Days` | Identifies devices that have been inactive for over 30 days, signaling potential operational inefficiencies or security concerns. This monitor helps organizations track and optimize device utilization. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Outdated Devices from 30 Days` | Tracks devices running outdated software or configurations for over 30 days, increasing vulnerability risks. This monitor ensures timely updates and adherence to security standards. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - System Integrity Protection (SIP) Status Disabled` | Detects devices with SIP disabled, compromising macOS security features. This monitor ensures SIP remains enabled to safeguard devices from unauthorized modifications and vulnerabilities. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Devices from Embargoed Locations` | This alert is triggered if devices accessed from high-risk geographic locations are identified, enabling analysts to detect and investigate potential security threats. This monitor helps track unusual or suspicious device usage patterns and ensures compliance with geolocation-based security policies. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Devices with 0 security score` | This alert is triggered if devices with no assigned security score are identified, highlighting unmanaged or non-compliant devices. This monitor ensures analysts can identify and prioritize addressing security gaps in the organization’s fleet. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - FileVault Disabled` | This alert is triggered if devices where FileVault encryption is disabled, posing a risk of data theft. This monitor ensures that disk encryption policies are enforced to protect sensitive organizational data. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Firewall Disabled` | This alert is triggered if devices with the firewall turned off are identified, exposing them to network-based threats. This monitor helps enforce network security policies and minimizes the risk of unauthorized access. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - High Command Failures` | This alert is triggered if devices with repeated command execution failures are identified, signaling possible operational issues. This monitor allows timely investigation and resolution of command failures to maintain device functionality. | Count `>` 50 | Count `<=` 50 |
+| `Jamf - High Policy Failures` | This alert is triggered if devices are experiencing frequent policy application failures, which may lead to compliance risks. This monitor ensures that all devices adhere to organizational security and management policies. | Count `>` 50 | Count `<=` 50 |
+| `Jamf - Inactive Devices from 30 Days` | This alert is triggered if devices that have been inactive for over 30 days, signaling potential operational inefficiencies or security concerns. This monitor helps organizations track and optimize device utilization. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Outdated Devices from 30 Days` | This alert is triggered if devices are running outdated for over 30 days, increasing vulnerability risks. This monitor ensures timely updates and adherence to security standards. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - System Integrity Protection (SIP) Status Disabled` | This alert is triggered if devices with SIP disabled are identified, compromising macOS security features. This monitor ensures SIP remains enabled to safeguard devices from unauthorized modifications and vulnerabilities. | Count `>` 0 | Count `<=` 0 |
 
 ## Upgrade/Downgrade the Jamf app (Optional)
 

From 6b98bd45b64b56e9f6b0f4fb91b1b3c9e354e5be Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 10 Jan 2025 16:19:13 +0530
Subject: [PATCH 8/9] Update jamf.md

---
 docs/integrations/saas-cloud/jamf.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/docs/integrations/saas-cloud/jamf.md b/docs/integrations/saas-cloud/jamf.md
index c5321a1d66..c5b12d4461 100644
--- a/docs/integrations/saas-cloud/jamf.md
+++ b/docs/integrations/saas-cloud/jamf.md
@@ -2,14 +2,14 @@
 id: jamf
 title: Jamf
 sidebar_label: Jamf
-description: The Sumo Logic App for Jamf provides IT and security analysts with comprehensive visibility into their organization's Jamf-managed Apple device environment.
+description: The Sumo Logic app for Jamf provides IT and security analysts with comprehensive visibility into their organization's Jamf-managed Apple device environment.
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('img/send-data/jamf.png')} alt="jamf" width="85"/>
 
-The Sumo Logic App for Jamf provides IT and security analysts with comprehensive visibility into their organization's Jamf-managed Apple device environment. This app facilitates real-time monitoring of inventory, activity, and management-related metrics across devices. It tracks key security and compliance indicators such as supervised devices, unencrypted disks, expired certificates, and software vulnerabilities. With its powerful dashboards, analysts can identify and address potential risks like unapproved software, failed policies, or devices with harmful applications. The app offers detailed visualizations of device statuses, geographic trends, and audit events, enabling efficient detection and investigation of anomalies. By integrating seamlessly with Jamf, this app empowers organizations to enforce security policies, ensure compliance, and maintain an optimized device fleet.
+The Sumo Logic app for Jamf provides IT and security analysts with comprehensive visibility into their organization's Jamf-managed Apple device environment. This app facilitates real-time monitoring of inventory, activity, and management-related metrics across devices. It tracks key security and compliance indicators such as supervised devices, unencrypted disks, expired certificates, and software vulnerabilities. With its powerful dashboards, analysts can identify and address potential risks like unapproved software, failed policies, or devices with harmful applications. The app offers detailed visualizations of device statuses, geographic trends, and audit events, enabling efficient detection and investigation of anomalies. By integrating seamlessly with Jamf, this app empowers organizations to enforce security policies, ensure compliance, and maintain an optimized device fleet.
 
 :::info
 This app includes [built-in monitors](#jamf-monitors). For details on creating custom monitors, refer to the [Create monitors for Jamf app](#create-monitors-for-the-jamf-app).
@@ -880,7 +880,7 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
 
 ### Inventory Overview
 
-The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of the organization's Apple device inventory. It tracks total devices, their management statuses, and critical security metrics like unencrypted disks, expired certificates, and devices with firewall off. Analysts can visualize device distribution by platform, monitor geolocation trends, and detect vulnerable or embargoed devices. The dashboard highlights devices with expiring certificates, recently enrolled configurations, and unencrypted disks, offering actionable insights to maintain security and compliance. Additionally, it tracks the top OS versions, licensed software, and recent software updates to ensure devices stay up-to-date and secure. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
+The **Jamf - Inventory Overview** dashboard provides a comprehensive summary of the organization's Apple device inventory. It tracks total devices, their management statuses, and critical security metrics like unencrypted disks, expired certificates, and devices with firewalls off. Analysts can visualize device distribution by platform, monitor geolocation trends, and detect vulnerable or embargoed devices. The dashboard highlights devices with expiring certificates, recently enrolled configurations, and unencrypted disks, offering actionable insights to maintain security and compliance. Additionally, it tracks the top OS versions, licensed software, and recent software updates to ensure devices stay up-to-date and secure. <br/> <img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Jamf/Jamf-Inventory-Overview.png')} alt="Jamf-Inventory Overview" style={{border: '1px solid gray'}} width="800" />
 
 ### Activity Overview
 
@@ -901,13 +901,13 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
 | Name | Description | Alert Condition | Recover Condition |
 |:--|:--|:--|:--|
 | `Jamf - Devices from Embargoed Locations` | This alert is triggered if devices accessed from high-risk geographic locations are identified, enabling analysts to detect and investigate potential security threats. This monitor helps track unusual or suspicious device usage patterns and ensures compliance with geolocation-based security policies. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Devices with 0 security score` | This alert is triggered if devices with no assigned security score are identified, highlighting unmanaged or non-compliant devices. This monitor ensures analysts can identify and prioritize addressing security gaps in the organization’s fleet. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - FileVault Disabled` | This alert is triggered if devices where FileVault encryption is disabled, posing a risk of data theft. This monitor ensures that disk encryption policies are enforced to protect sensitive organizational data. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Devices with 0 security score` | This alert is triggered if devices with no assigned security score is identified, highlighting unmanaged or non-compliant devices. This monitor ensures analysts can identify and prioritize addressing security gaps in the organization’s fleet. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - FileVault Disabled` | This alert is triggered if devices FileVault encryption is disabled, posing a risk of data theft. This monitor ensures that disk encryption policies are enforced to protect sensitive organizational data. | Count `>` 0 | Count `<=` 0 |
 | `Jamf - Firewall Disabled` | This alert is triggered if devices with the firewall turned off are identified, exposing them to network-based threats. This monitor helps enforce network security policies and minimizes the risk of unauthorized access. | Count `>` 0 | Count `<=` 0 |
 | `Jamf - High Command Failures` | This alert is triggered if devices with repeated command execution failures are identified, signaling possible operational issues. This monitor allows timely investigation and resolution of command failures to maintain device functionality. | Count `>` 50 | Count `<=` 50 |
 | `Jamf - High Policy Failures` | This alert is triggered if devices are experiencing frequent policy application failures, which may lead to compliance risks. This monitor ensures that all devices adhere to organizational security and management policies. | Count `>` 50 | Count `<=` 50 |
-| `Jamf - Inactive Devices from 30 Days` | This alert is triggered if devices that have been inactive for over 30 days, signaling potential operational inefficiencies or security concerns. This monitor helps organizations track and optimize device utilization. | Count `>` 0 | Count `<=` 0 |
-| `Jamf - Outdated Devices from 30 Days` | This alert is triggered if devices are running outdated for over 30 days, increasing vulnerability risks. This monitor ensures timely updates and adherence to security standards. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Inactive Devices from 30 Days` | This alert is triggered if devices are inactive for more than 30 days, signaling potential operational inefficiencies or security concerns. This monitor helps organizations track and optimize device utilization. | Count `>` 0 | Count `<=` 0 |
+| `Jamf - Outdated Devices from 30 Days` | This alert is triggered if devices are running outdated for more than 30 days, increasing vulnerability risks. This monitor ensures timely updates and adherence to security standards. | Count `>` 0 | Count `<=` 0 |
 | `Jamf - System Integrity Protection (SIP) Status Disabled` | This alert is triggered if devices with SIP disabled are identified, compromising macOS security features. This monitor ensures SIP remains enabled to safeguard devices from unauthorized modifications and vulnerabilities. | Count `>` 0 | Count `<=` 0 |
 
 ## Upgrade/Downgrade the Jamf app (Optional)
@@ -920,4 +920,4 @@ import AppUpdate from '../../reuse/apps/app-update.md';
 
 import AppUninstall from '../../reuse/apps/app-uninstall.md';
 
-<AppUninstall/>
\ No newline at end of file
+<AppUninstall/>

From 8cde3b834930c36a52c30b3d8ca877a8b4b9651a Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 10 Jan 2025 16:19:38 +0530
Subject: [PATCH 9/9] Rename 2025-01-05-apps.md to 2025-01-10-apps.md

---
 blog-service/{2025-01-05-apps.md => 2025-01-10-apps.md} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename blog-service/{2025-01-05-apps.md => 2025-01-10-apps.md} (99%)

diff --git a/blog-service/2025-01-05-apps.md b/blog-service/2025-01-10-apps.md
similarity index 99%
rename from blog-service/2025-01-05-apps.md
rename to blog-service/2025-01-10-apps.md
index 40aeaa34b6..21fb97869b 100644
--- a/blog-service/2025-01-05-apps.md
+++ b/blog-service/2025-01-10-apps.md
@@ -11,4 +11,4 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
 
-We're excited to introduce the new Jamf app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Jamf source that collects inventory data from the Jamf platform. This app helps security analysts with critical insights into their organization's Jamf environment. [Learn more](/docs/integrations/saas-cloud/jamf/).
\ No newline at end of file
+We're excited to introduce the new Jamf app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Jamf source that collects inventory data from the Jamf platform. This app helps security analysts with critical insights into their organization's Jamf environment. [Learn more](/docs/integrations/saas-cloud/jamf/).