pC_jamfjamfprojsonalerttriggersuccess.md


Parser Content

{
# Parser definition for JSON alert events whose vendor is "Jamf".
# Conditions select the raw events this parser applies to. Fields map JSON paths to
# normalized field names, either directly (exa_field_name) or through a regex with
# named capture groups (exa_regex).
# NOTE(review): Name says "jamfpro" while Product is "Jamf Protect" -- confirm which
# product emits these events, since content keyed on Product depends on it.
Name = jamf-jamfpro-json-alert-trigger-success
  Vendor = "Jamf"
  Product = "Jamf Protect"
  ExtractionType = json
  # $.timestamp (first entry in Fields) is the event time.
  # NOTE(review): seconds vs. milliseconds is not visible here -- confirm against a sample event.
  TimeFormat = "epoch"
  ParserVersion = "v1.0.0"
  # NOTE(review): these look like literal substrings of the raw event, so "vendor":"Jamf"
  # would not match JSON serialized with a space after the colon -- confirm the source's
  # serialization. Nothing here ties the match to the "success" in Name; presumably sibling
  # parsers are disambiguated elsewhere -- verify.
  Conditions = [""""product":""", """"vendor":"Jamf"""", """"alertId":""", """"action":"""]
  Fields = [
    """exa_json_path=$.timestamp,exa_field_name=time"""
    # "$.." is JSONPath recursive descent: a product/vendor key at any depth matches.
    # NOTE(review): if an event carries more than one such key, which value is kept is not
    # evident from this file -- confirm, or pin these to absolute paths.
    """exa_json_path=$..product,exa_field_name=product_name"""
    """exa_json_path=$..vendor,exa_field_name=vendor_name"""    
    """exa_json_path=$.event.account.customerId,exa_field_name=tenant_id"""
    """exa_json_path=$.event.account.name,exa_field_name=account_name"""
    """exa_json_path=$.event.device.userDeviceName,exa_field_name=device_name"""
    """exa_json_path=$.event.device.os,exa_field_name=os"""
    """exa_json_path=$.event.device.deviceId,exa_field_name=device_id"""
    """exa_json_path=$.event.device.externalId,exa_field_name=external_id"""
    """exa_json_path=$.event.eventType.description,exa_field_name=alert_description"""
    # alert_name and alert_type are both filled from the same source value (eventType.name).
    """exa_json_path=$.event.eventType.name,exa_field_name=alert_name"""
    """exa_json_path=$.event.eventType.name,exa_field_name=alert_type"""
    """exa_json_path=$.event.eventType.id,exa_field_name=event_id"""
    # Captures an IPv6-looking or IPv4-looking value into dest_ip, plus an optional ":port"
    # suffix into dest_port.
    # NOTE(review): the pattern is unanchored and its IPv6 branch is permissive (it also
    # admits "." inside a group), so it shapes the value rather than validating it; treat
    # dest_ip as "as reported by the source". dest_port can also be set from
    # $.event.destination.port below -- which one wins is not visible here; confirm.
    """exa_json_path=$.event.destination.ip,exa_regex=({dest_ip}((([0-9a-fA-F.]{0,4}):{1,2}){1,7}([0-9a-fA-F]){0,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4}))(:({dest_port}\d+))?"""
    # NOTE(review): destination.name is stored as threat_url; presumably a host or domain
    # name rather than a full URL -- verify before matching it against URL indicators.
    """exa_json_path=$.event.destination.name,exa_field_name=threat_url"""
    """exa_json_path=$.event.destination.port,exa_field_name=dest_port"""
    # Same pattern as for the destination, capturing src_ip and an optional src_port;
    # the same validation and precedence caveats apply.
    """exa_json_path=$.event.source.ip,exa_regex=({src_ip}((([0-9a-fA-F.]{0,4}):{1,2}){1,7}([0-9a-fA-F]){0,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4}))(:({src_port}\d+))?"""
    """exa_json_path=$.event.source.port,exa_field_name=src_port"""
    # NOTE(review): the whole location value is stored as location_country -- confirm the
    # source really sends a country here.
    """exa_json_path=$.event.location,exa_field_name=location_country"""
    """exa_json_path=$.event.severity,exa_field_name=alert_severity"""
    """exa_json_path=$.event.user.email,exa_field_name=email_address"""
    # Captures 1-40 characters from word characters and . - ! # ^ ~, plus an optional
    # trailing "$", into user.
    # NOTE(review): the pattern is unanchored and the class has no "@" or space, so an
    # email-style or "first last" value yields only its leading run, and longer names are
    # cut at 40 characters -- confirm this is intended, since user attribution relies on it.
    """exa_json_path=$.event.user.name,exa_regex=({user}[\w\.\-\!\#\^\~]{1,40}\$?)"""
    """exa_json_path=$.event.eventUrl,exa_field_name=url"""
    """exa_json_path=$.event.action,exa_field_name=action"""
    """exa_json_path=$.event.alertId,exa_field_name=alert_id"""
    """exa_json_path=$.event.app.name,exa_field_name=app"""
    """exa_json_path=$.event.app.id,exa_field_name=app_id"""
    # App hashes are copied through as reported; no regex constrains their format here.
    """exa_json_path=$.event.app.sha256,exa_field_name=hash_sha256"""
    """exa_json_path=$.event.app.sha1,exa_field_name=hash_sha1"""
  ]


}