Skip to content

[Jamf Protect 3.2.0] Enhancements to process mapping #15046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kcreddy merged 9 commits into from
Aug 28, 2025
Merged

[Jamf Protect 3.2.0] Enhancements to process mapping #15046

kcreddy merged 9 commits into from
Aug 28, 2025

Conversation

@txhaflaire
Copy link
Contributor

@txhaflaire txhaflaire commented Aug 26, 2025

Type of change:

  • enhancement

Proposed commit message

  • The Jamf Protect Telemetry data stream got enhancements in it's process audit tokens
    • The audit token now contains a effective username (e_username)
    • The audit token now contains a executable path for the process (exec_path)

Check Jamf's release notes here

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

elastic-package test system

2025/08/26 10:33:53  INFO Write container logs to file: /Users/thijs.xhaflaire/Documents/GitHub/Elastic/integrations/build/container-logs/elastic-agent-1756197233255878000.log
--- Test results for package: jamf_protect - START ---
╭──────────────┬────────────────────┬───────────┬───────────────┬────────┬───────────────╮
│ PACKAGE      │ DATA STREAM        │ TEST TYPE │ TEST NAME     │ RESULT │  TIME ELAPSED │
├──────────────┼────────────────────┼───────────┼───────────────┼────────┼───────────────┤
│ jamf_protect │ alerts             │ system    │ http-endpoint │ PASS   │  37.43365875s │
│ jamf_protect │ telemetry          │ system    │ http-endpoint │ PASS   │ 41.959942917s │
│ jamf_protect │ telemetry_legacy   │ system    │ http-endpoint │ PASS   │ 43.874400084s │
│ jamf_protect │ web_threat_events  │ system    │ http-endpoint │ PASS   │ 44.194318834s │
│ jamf_protect │ web_traffic_events │ system    │ http-endpoint │ PASS   │ 42.502668709s │
╰──────────────┴────────────────────┴───────────┴───────────────┴────────┴───────────────╯
--- Test results for package: jamf_protect - END   ---
Done

@txhaflaire txhaflaire requested a review from a team as a code owner August 26, 2025 08:40
@txhaflaire txhaflaire changed the title first commit for 3.1.1 [Jamf Protect 3.1.1] Enhancements to process mapping Aug 26, 2025
@andrewkroh andrewkroh added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:jamf_protect Jamf Protect (Partner supported) Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Aug 26, 2025
@elasticmachine
Copy link

elasticmachine commented Aug 26, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@kcreddy
Copy link
Contributor

kcreddy commented Aug 28, 2025

/test

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 28, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

kcreddy
kcreddy reviewed Aug 28, 2025
View reviewed changes
txhaflaire and others added 2 commits August 28, 2025 13:41
@txhaflaire @kcreddy
Update packages/jamf_protect/changelog.yml
ebf24aa 
Co-authored-by: Krishna Chaitanya Reddy Burri <krish.reddy91@gmail.com>
@txhaflaire @kcreddy
Update packages/jamf_protect/manifest.yml
a9539df 
Co-authored-by: Krishna Chaitanya Reddy Burri <krish.reddy91@gmail.com>
@txhaflaire txhaflaire changed the title [Jamf Protect 3.1.1] Enhancements to process mapping [Jamf Protect 3.2.0] Enhancements to process mapping Aug 28, 2025
@txhaflaire
Copy link
Contributor Author

txhaflaire commented Aug 28, 2025

@kcreddy Thanks for the review - i've implemented the minor changes and those are ready to be reviewed.

kcreddy
kcreddy reviewed Aug 28, 2025
View reviewed changes
txhaflaire
txhaflaire commented Aug 28, 2025
View reviewed changes
@kcreddy
Copy link
Contributor

kcreddy commented Aug 28, 2025

/test

kcreddy
kcreddy approved these changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@kcreddy kcreddy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@txhaflaire
Copy link
Contributor Author

txhaflaire commented Aug 28, 2025

@kcreddy i saw in SQ that the readme file was out of date - fixed that.

@kcreddy
Copy link
Contributor

kcreddy commented Aug 28, 2025

/test

@elasticmachine
Copy link

elasticmachine commented Aug 28, 2025

💚 Build Succeeded

History

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Aug 28, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
80.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@kcreddy kcreddy merged commit 968d488 into elastic:main Aug 28, 2025
9 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Aug 28, 2025

Package jamf_protect - 3.2.0 containing this change is available at https://epr.elastic.co/package/jamf_protect/3.2.0/

@andrewkroh andrewkroh added the enhancement New feature or request label Sep 3, 2025
tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
@txhaflaire
[Jamf Protect 3.2.0] Enhancements to process mapping (elastic#15046)
787f3cb 
The Jamf Protect Telemetry data stream got enhancements in it's process audit tokens.
  - The audit token now contains a effective username (e_username)
  - The audit token now contains a executable path for the process (exec_path)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kcreddy kcreddy kcreddy approved these changes

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:jamf_protect Jamf Protect (Partner supported) Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@txhaflaire @elasticmachine @kcreddy @andrewkroh