
How to Identify and Address Vulnerabilities in Jamf Devices

Joe Karlsson


Managing your IT assets effectively across various platforms is crucial, and CloudQuery makes it easier than ever by integrating with Jamf. The CloudQuery Jamf Source Integration empowers organizations to create a unified cloud asset inventory, providing visibility into device management and enhancing security, efficiency, and decision-making.
Trusted by companies like Palo Alto Networks and Zendesk, CloudQuery delivers flexibility and power in IT asset management. The Jamf plugin provides an efficient way to monitor device compliance, enhance security posture, and streamline operations—all within minutes of setup.
  • Comprehensive Asset Inventory: Collect detailed data on devices managed in Jamf, including device enrollments, pre-stages, hardware, and software configurations.
  • Customizable Queries: Leverage SQL to analyze and query your Jamf data directly from your database.
  • Cross-Platform Integration: Combine Jamf data with other IT or cloud platforms like AWS, GCP, and more.
  • Secure Deployment: Keep sensitive data safe with self-hosted options.
With the CloudQuery Jamf plugin, you can extract a wide range of data from your Jamf instance and sync it into your preferred database. This includes:
  • Device Enrollments: Details about devices enrolled in Jamf, including configurations and enrollment statuses.
  • Computer and Mobile Device Data: Information on hardware, operating systems, security settings, and installed software for computers and mobile devices.
  • Pre-stage Configurations: Pre-stage setup data for both computers and mobile devices, such as default pre-stages, departments, and mandatory configurations.
  • User and Location Data: Assignments of devices to specific users or locations for inventory tracking.
  • Purchasing Information: Details about asset procurement and associated metadata.
For a full list of supported tables and the data fields you can sync, visit the CloudQuery Jamf plugin documentation.

Getting Started with the Jamf Plugin

Here is a step-by-step guide on configuring the Jamf integration and analyzing your Jamf data.
  1. Obtain API Credentials:
    Start by generating an API token to access your data from your Jamf instance. Follow the Jamf API documentation to retrieve your token.
  2. Install CloudQuery CLI:
    Download and install the CloudQuery CLI on your machine by following the steps on our download page.
  3. Set up the Sync Configuration:
    Create a CloudQuery configuration file by running the following init command. You can use any supported destination, but for this example, we will use PostgreSQL.
    cloudquery init --source=jamf --destination=postgresql
    This command will create a jamf_to_postgresql.yaml file in your current directory.
  4. Update the Configuration File:
    Open the generated config file and replace the placeholders with your details:
    • ${JAMF_INSTANCE_URL}: Replace with the base URL of your Jamf Pro instance (e.g., https://your-jamf-instance.jamfcloud.com).
    • ${JAMF_ACCESS_TOKEN}: Replace with the API token generated in step 1.
    • ${POSTGRESQL_CONNECTION_STRING}: Replace with the connection string for your PostgreSQL database.
  5. Sync with CloudQuery:
    Next, run the sync command to extract data from Jamf into your data destination:
    cloudquery sync jamf_to_postgresql.yaml
    For more details, refer to the Jamf Source Integration documentation.

How to Analyze your Jamf data

Now that you have synced Jamf data, we can run queries directly on your Jamf data in your database. Our users find that this gives them a precise analysis of their IT assets. This approach helps them identify issues, track changes, and optimize device management workflows.
We will also show you how to combine your Jamf data with data from other data sources like Wiz.

How to Identify Jamf Devices with Outdated OS

In PostgreSQL, you can determine which devices are running outdated operating systems to prioritize updates with the following query. This query lists the names and operating system versions of all devices in your Jamf inventory running an OS version older than 12.0.
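SELECT
    general->>'device_name' AS device_name,
    operating_system->>'version' AS os_version
FROM
    jamf_computers
WHERE
    -- Compare numeric components, not text: as strings, '9.0' sorts after '12.0'.
    -- Versions that are not purely dotted digits yield NULL here and are skipped.
    CASE
        WHEN operating_system->>'version' ~ '^\d+(\.\d+)*$'
        THEN string_to_array(operating_system->>'version', '.')::int[] < ARRAY[12]
    END;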

How to Track Unassigned Pre-stages in Jamf

You can also identify computer pre-stages that are not assigned to any department.
SELECT
    display_name,
    department
FROM
    jamf_computer_prestages
WHERE
    department IS NULL;

How to Audit Security Configurations with Jamf

You can also list devices where FileVault disk encryption is reported as disabled.
SELECT
    general->>'device_name' AS device_name,
    disk_encryption->>'filevault_enabled' AS encryption_status
FROM
    jamf_computers
WHERE
    disk_encryption->>'filevault_enabled' = 'false';
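
The two audits above (outdated OS and FileVault status) combined into one report, as an added example that is not from the original post: it compares version components numerically and reports devices whose version or encryption value is missing as 'unknown' instead of silently dropping them. The jamf_computers_sample table and its rows are constructed for illustration; the JSON keys are the ones used in the queries above.

```sql
-- Constructed sample rows standing in for the synced jamf_computers table.
CREATE TEMP TABLE jamf_computers_sample (
    general          jsonb,
    operating_system jsonb,
    disk_encryption  jsonb
);

INSERT INTO jamf_computers_sample VALUES
    ('{"device_name": "mac-a"}', '{"version": "11.7.10"}', '{"filevault_enabled": true}'),
    ('{"device_name": "mac-b"}', '{"version": "14.5"}',    '{"filevault_enabled": false}'),
    ('{"device_name": "mac-c"}', '{"version": "10.15.7"}', '{}'),
    ('{"device_name": "mac-d"}', '{"version": "13.6.1"}',  '{"filevault_enabled": true}'),
    ('{"device_name": "mac-e"}', '{}',                     '{"filevault_enabled": true}');

WITH parsed AS (
    SELECT
        general->>'device_name'      AS device_name,
        operating_system->>'version' AS os_version,
        -- Cast only strings made of dotted digits; anything else becomes NULL.
        CASE
            WHEN operating_system->>'version' ~ '^\d{1,5}(\.\d{1,5})*$'
            THEN string_to_array(operating_system->>'version', '.')::int[]
        END AS os_parts,
        disk_encryption->>'filevault_enabled' AS filevault
    FROM jamf_computers_sample
)
SELECT
    device_name,
    os_version,
    CASE
        WHEN os_parts IS NULL     THEN 'unknown'
        WHEN os_parts < ARRAY[12] THEN 'outdated'
        ELSE 'ok'
    END AS os_status,
    CASE
        WHEN filevault = 'true'  THEN 'encrypted'
        WHEN filevault = 'false' THEN 'not encrypted'
        ELSE 'unknown'
    END AS encryption_status
FROM parsed
-- Keep every device that fails, or cannot be shown to pass, either check.
WHERE os_parts IS NULL
   OR os_parts < ARRAY[12]
   OR filevault IS DISTINCT FROM 'true'
ORDER BY device_name;
```

On the sample rows this returns mac-a, mac-b, mac-c and mac-e; only mac-d, which is on 13.6.1 with FileVault enabled, passes both checks.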

How to Integrate Wiz and Jamf Data

Did you know you can combine data from any other cloud data source with your Jamf data to cross-reference vulnerabilities with device details? Many CloudQuery users combine their Jamf data with their Wiz security data to perform an in-depth security audit.
To get started, visit the Wiz CloudQuery documentation and sync your Wiz data; once synced, you can return here to run queries combining your Wiz and Jamf data for deeper insights.
For example, this query lists the names and operating system versions of devices from your Jamf data that have critical vulnerabilities identified in your Wiz data, helping to pinpoint high-priority risks.
SELECT
    jc.general->>'device_name' AS device_name,
    jc.operating_system->>'version' AS os_version,
    wiz.vulnerabilities->>'vuln_id' AS vulnerability_id,
    wiz.vulnerabilities->>'severity' AS severity
FROM
    jamf_computers jc
JOIN
    wiz_findings wiz
ON
    jc._cq_id = wiz._cq_parent_id
WHERE
    wiz.vulnerabilities->>'severity' = 'critical';

Summary

The CloudQuery Jamf Source Integration simplifies IT asset management by enabling organizations to collect, analyze, and monitor their Jamf data directly in their preferred database. With features like customizable SQL queries and cross-platform integration, it provides precise control over IT assets, supports compliance, and enhances decision-making.
Getting started is straightforward, and you can start analyzing and integrating your data from other cloud platforms, like Wiz, to perform in-depth security audits and identify vulnerabilities, offering a comprehensive view of your IT environment.
Ready to start syncing your Jamf data? You can try out CloudQuery with our quick start guide.
Want help getting started? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.
Thank you for following along, and we hope this guide helps you effectively manage your Jamf assets!

FAQs

What kind of data can I extract from Jamf using CloudQuery?
You can sync data such as device enrollments, pre-stages, operating system details, hardware configurations, and user and location information.
How does CloudQuery help analyze Jamf data?
CloudQuery converts your Jamf data into a SQL-queryable format, allowing you to run custom queries for tasks like tracking device compliance, auditing security configurations, and monitoring resource allocation.
Can I integrate Jamf data with other cloud platforms using CloudQuery?
Yes, you can combine Jamf data with other platforms like Wiz, AWS, and GCP to create a unified view of your IT and cloud environments for deeper insights.
Is the CloudQuery Jamf plugin secure?
Yes, CloudQuery offers a self-hosted option, keeping your sensitive IT and user data within your network. It also uses read-only permissions for secure data syncing.
What are some practical use cases for the CloudQuery Jamf plugin?
Developers use the plugin to identify outdated operating systems, track unassigned device prestages, audit disk encryption settings, and perform cross-platform security analyses with Wiz.
Do I need coding experience to use the CloudQuery Jamf plugin?
Basic familiarity with SQL and database management is helpful but not required. CloudQuery’s documentation provides detailed guidance to help users efficiently set up and run queries.

Written by Joe Karlsson

Joe Karlsson (He/They) is an Engineer turned Developer Advocate (and massive nerd). Joe empowers developers to think creatively when building applications, through demos, blogs, videos, or whatever else developers need.

© 2024 CloudQuery, Inc. All rights reserved.
