EN
Request a demo
EN
Products
Pricing
Company
Resources
Events
Request a demo
See all integrations

JAMFProtect

2 Responders
1 Function
GitHub

Responders (2)

JAMFProtect addHashtoPreventList v1.0

Add IOC to JAMF Protect - creates a custom prevent list for a hash

  • Author: Fabien Bloume, StrangeBee
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

JAMFProtect removeHashfromPreventList v1.0

Remove IOC on JAMF Protect - removes associated custom prevent list(s) containing the hash

  • Author: Fabien Bloume, StrangeBee
  • License: AGPL-V3
  • Data Types: thehive:case_artifact

Functions (1)

createAlertFromJAMFProtect v1.0.0

Ingests alerts from JAMF Protect. Extracts analytic details, host and user information, MITRE ATT&CK tags, and file/path data. The function constructs a TheHive alert, including a title, markdown-formatted description (with original alert JSON), relevant observables (IP, hostname, file, hash, URL, FQDN, URI path, user agent), MITRE ATT&CK enrichment, and a link to the JAMF alert. Handles default values and supports tagging and mapping of MITRE tactics for easier triage and investigation. For the setup in JAMF Protect, go to Configuration > Actions > your action > Add an HTTP data endpoint + your Authorization Header and Bearer as value

CrowdStrike Falcon
Splunk
VirusTotal
Microsoft Defender for Endpoint
Microsoft Entra ID
MISP
Google Threat Intelligence
Recorded Future
Microsoft Defender for Office 365
Proofpoint
Shodan
Slack
AbuseIPDB
Cloudflare
URLScan.io
URLhaus
ONYPHE
YARA
CAPA
Telegram
Airtable
AnyRun
Autofocus
AWSLambda
AWX
Axur
BackscatterIO
BinalyzeAIR
Censys
CERTatPassiveDNS
ChainAbuse
CheckPhish
CheckPoint
CiscoUmbrella
CISMCAP
ClamAV
Cluster25
ClusterHawk
Crtsh
CuckooSandbox
CyberChef
Cyberprotect
Cylance
DNS-RPZ
DNSDB
DNSdumpster
DNSLookingglass
DNSSinkhole
DomainTools
DShield
Duo Security
EchoTrail
EclecticIQ
EmergingThreats
EmlParser
FileInfo
FireHOLBlocklists
FoxIO
Gatewatcher CTI
Gmail
GoogleDNS
GRR
HarfangLab
Hashdd
Inoitsu
IntezerCommunity
Investigate
IP-API
IPVoid
isMalicious
IVRE
JIRA
Jupyter
KnowBe4
LdapQuery
Lookyloo
LupovisProwl
Mailer
MailIncidentStatus
Malpedia
MalwareClustering
Malwares
MetaDefender
MsgParser
NERD
Nessus
Netcraft
NSRL
Okta
ONYPHEActiveScan
OpenCTI
OrionMalware
PassiveTotal
Patrowl
PhishingInitiative
Pulsedive
QrDecode
Redmine
Robtex
RT4
SecurityTrails
SendGrid
SentinelOne
SinkDB
SophosIntelix
SpamAssassin
SpamhausDBL
StamusNetworks
StopForumSpam
ThreatGrid
ThreatMiner
ThreatResponse
Thunderstorm
TorBlutmagie
TorProject
Triage
UnshortenLink
urlDNA.io
Valhalla
ValidateObservable
Verifalia
VMRay
Vulners
Watcher
Wazuh
WOT
Yeti
ZEROFOX
Zscaler
Abuse Finder
AIL Onion-Lookup
AlienVault OTX
CIRCL Hash Lookup
CIRCL Passive DNS
CIRCL Passive SSL
CIRCL Vulnerability-Lookup
Cisco Secure Endpoint (Formerly AMP for Endpoints)
CrowdSec
Domain Mail SPF DMARC
DomainTools Iris
Elasticsearch
EmailRep
FireEye iSIGHT
Forcepoint WebsensePing
Google Safe Browsing
Google Vision API
GreyNoise
Have I Been Pwned
Hunter.io
Hybrid Analysis
IBM QRadar
IBM X-Force
IPinfo
Joe Sandbox
Kaspersky TIP
Maltiverse
MalwareBazaar
Malware Hash Registry (MHR)
MaxMind
MISP Warning Lists
Mnemonic Passive DNS
n8n
PAN Cortex XDR
PAN Cortex XSOAR
PAN Next Generation Firewall
PAN WildFire
PhishTank
Rapid7 InsightConnect
SEKOIA Intelligence Center
Shuffle
ThreatConnect
Tines
Velociraptor
VirusShare
Back to all integrations
See how TheHive can help your team
Thousands of analysts worldwide rely on our platform to manage security incidents more efficiently than ever.
See what the buzz is about:
Request a demo