Lesson 7 Introduction to Jamf Protect Jamf 170 Course

Jamf Protect is a macOS endpoint security solution that works in tandem with an MDM solution to detect and mitigate threats on enrolled computers. Computers are enrolled in Jamf Protect with the help of an MDM solution like Jamf Pro.

- Insights are status updates for enrolled computers that check for compliance with CIS Benchmarks.
- Alerts are recorded any time a compromising action occurs on enrolled computers. Each alert is assigned a severity level, corresponding to the analytic that triggered it.
- Analytics are rules that are defined to detect threats and unwanted behaviors on enrolled computers. Many analytics are based on the MITRE ATT&CK Matrix for macOS.
- Plans are security configurations that are deployed to computers via a configuration profile and include analytics, insights, and actions.
- Actions are groups of settings used to control collection and storage of data gathered from enrolled computers.
- Threat prevention is Jamf Protect's built-in tool to detect, block, and quarantine malicious processes on a Mac.
- Jamf Protect contains administrative tools like logging, API clients, and data forwarding to help administrators better protect their users.

Review

- What do insights determine about enrolled computers?
- How are severity levels for alerts determined?
- Does an action have the ability to remediate malware on an enrolled computer?

Practice

- Navigate to the Insights page in Jamf Protect and use the filters to see how many insights are tagged with "CIS Level 1" and "CIS Level 2".
- Navigate to the Alerts page in Jamf Protect and use the filters to show all alerts that are in progress.
- Navigate to the Analytics page in Jamf Protect and use the filters to determine how many analytics are categorized as "Persistence".
- Navigate to the Threat Prevention page in Jamf Protect and determine the latest version of threat prevention.