
SOAR with Jamf Protect - Automated Security Response Workflows for macOS

Jamf via YouTube

Overview

Learn to build Security Orchestration, Automation, and Response (SOAR) workflows for macOS endpoints using Jamf Protect and Jamf Pro in this conference presentation. Discover how to create automated incident response systems that detect malicious behavior, trigger remediation policies, and collect forensic evidence without manual intervention. Cover the fundamentals of SOAR and see how Jamf Protect's analytics engine integrates with Jamf Pro's device management capabilities to build security automation workflows. Follow along as the presenters demonstrate three real-world playbooks: network isolation for compromised endpoints using packet filter (pf) firewall rules, automated acquisition of quarantined files with uploads to an S3 bucket, and forensic data collection using the Aftermath framework. Gain practical experience configuring smart groups with extension attributes for threat detection, implementing custom triggers for remediation policies, and setting up user notifications during security incidents with IBM Notifier. Understand how to use Jamf's security portals, macOS Security and Jamf Security Cloud, for endpoint protection. Explore remediation options including notifications, file removal, endpoint isolation, and custom script execution. Learn to analyze uploaded forensic reports and manage the complete incident response lifecycle from detection through resolution, making your macOS security operations more efficient and effective.

Syllabus

0:00 Introduction: Soaring with Jamf Protect
0:42 What is SOAR? Security, Orchestration, Automation, Response
2:32 Jamf Protect Security Portals: macOS Security and Jamf Security Cloud
3:34 Jamf Pro: Apple Device Management at Scale
4:26 Workflow Step-by-Step: Screenshot Detection Example
8:06 Configuring Remediation Policies with Custom Triggers
9:15 Workflow Recap: From Detection to Remediation
10:06 Remediation Options: Notifications, File Removal, Isolation, Scripts
11:04 Playbook 1: Network Isolation for Compromised Endpoints
20:41 Playbook 2: Quarantined File Acquisition and Removal
24:25 Playbook 3: Forensic Data Collection with Aftermath
28:43 Admin Workflow: Analyzing Uploaded Forensic Reports
29:02 Jamf Training Courses: Security Products 170, 270, 370
30:06 Q&A Session

Taught by

Jamf
