Jamf Pro Cloud Out-of-the-Box Response Integration

This article describes the required procedure to integrate Jamf Pro Cloud with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • Jamf Pro Cloud instance
    • A Jamf Pro Cloud user account with the appropriate permissions to create the API role and the API client
  • An Active Lumu Defender subscription or a Lumu for MSP account

Integration Setup - Jamf Pro Cloud

You must prepare your Jamf Pro Cloud console before setting up the integration. You need to:
  • Collect your Jamf Pro Cloud base URL.
  • Create an API role for the integration (optional but recommended).
  • Create an API client for the integration.
  • Review your existing Jamf Pro Cloud profiles.
In the following steps, you will learn how to obtain all of these requirements.

Collect your Jamf Pro Cloud base URL

First, identify your base URL from your Jamf Pro Cloud console. Open a web browser and navigate to your Jamf Pro Cloud console. Copy the base URL from your browser's address bar. If you are logged in to your Jamf Pro Cloud console, copy the URL up to, but not including, the first forward slash (/) after the host name. Keep this value on hand, since it will be required to set up the integration.


Create an API role

Notes
We encourage you to create a dedicated Lumu integration role. A dedicated role helps you uphold the principle of least privilege. If you want to use an existing API role, ensure this role has the privileges depicted in step 4 of this section.
Follow these steps to create a Jamf Pro Cloud API role for your Lumu integration:
1. First, log in to the Jamf Pro Cloud Web Console as a user who can create the API role and API client.

2. Navigate to the Settings(1) section in the left navigation panel of the Jamf Pro Cloud Web Console and select the System(2) tab. Click on the API roles and clients(3) menu.

3. Under the API Roles tab, click on New to create a new one.

4. Fill in the New API Role information following these guidelines:
a. Give the role a distinctive Display name(1).
b. Add the following Privileges(2).
  • Read macOS Configuration Profiles.
  • Create macOS Configuration Profiles.
  • Update macOS Configuration Profiles.
  • Read iOS Configuration Profiles.
  • Create iOS Configuration Profiles.
  • Update iOS Configuration Profiles.
c. Click on the Save(3) button when finished.

Create an API client

Notes
We encourage you to create a dedicated API client for the Lumu integration. This helps you trace all activities performed by the integration and ensures it has only the privileges it requires (if you created a dedicated API role). If you decide to use an existing API client, ensure it has a role with the privileges depicted in the Create an API role section, step 4.
Follow these steps to create an API client for your Lumu integration:
1. Head back to the Settings > System > API roles and clients menu.

2. Head to the API Clients tab, then click on the New button.

3. Fill in the information requested in the New API Client window by following these guidelines:
a. Give a distinctive Display name(1) to your Lumu API client.
b. Select the API role(2) created in the previous section. If you didn’t do so, select one or multiple roles that fulfill the requirements shown in the Create an API role section.
c. Set the Access token lifetime(3) at 3600 seconds.
d. Click on the Enable API client(4) button.
e. Click on the Save(5) button when finished.

4. On the API client details window, click on the Generate Client secret button.

5. The Generate client credentials modal will appear. Click on the Create secret button.

6. Copy the Client ID and the Client secret generated for the integration using the Copy client credentials to clipboard button, and save them.
Notes
Store the Client ID and the Client Secret in a safe place. This is the only time you will be able to copy them. Keep this information at hand, since it will be required to configure the integration.

Review your existing Jamf Pro Cloud profiles

The integration will create and manage two new configuration profiles named “Lumu IOCs”. You must ensure these profiles don’t exist in your Jamf Pro Cloud console. Log in to your Jamf Pro Cloud console and follow these steps to check if the profiles exist:

1. Head to the left navigation pane and expand the Computers section. Look for the Configuration Profiles menu and click on it.


2. Look for a Configuration Profile named “Lumu IOCs”. If it exists, you must remove it. To remove it, click on the “Lumu IOCs” profile.

3. To delete the Lumu IOCs configuration profile, click the Delete button located in the bottom right part of the screen. 

   Click again on the Delete button when prompted.

4. Perform the same procedure in the Devices section: click on the Devices menu in the left navigation pane and repeat the previous steps.
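
The preparation steps above can be checked from a script before moving on to the Lumu portal. The following is an added example, not Lumu or Jamf code: it reduces a pasted console URL to the base URL, confirms the Client ID and Client secret work by requesting a token, and lists any existing profile that collides with "Lumu IOCs" under Computers and Devices. It assumes Jamf Pro's OAuth client-credentials token endpoint and the Classic API profile listings; the JAMF_* environment variable names are this example's own.

```python
import json
import os
import urllib.parse
import urllib.request

PROFILE_NAME = "Lumu IOCs"  # name the integration will create in both sections
# Jamf Classic API listings: (console section, path, JSON key holding the list)
LISTINGS = [
    ("Computers", "/JSSResource/osxconfigurationprofiles", "os_x_configuration_profiles"),
    ("Devices", "/JSSResource/mobiledeviceconfigurationprofiles", "configuration_profiles"),
]

def normalize_base_url(pasted):
    """Reduce a URL copied from the browser to https://host[:port]."""
    parts = urllib.parse.urlsplit(pasted.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must be an https:// URL with a host name")
    if parts.username or parts.password:
        raise ValueError("base URL must not embed credentials")
    return "https://" + parts.netloc.lower()

def find_conflicts(listings):
    """Return (section, id, name) for every profile that collides with PROFILE_NAME."""
    # Compared case-insensitively as a conservative assumption; the page names the exact string.
    wanted = PROFILE_NAME.casefold()
    return [(section, p["id"], p["name"])
            for section, profiles in listings.items() for p in profiles
            if p["name"].strip().casefold() == wanted]

def _get_json(url, token=None, form=None):
    data = urllib.parse.urlencode(form).encode() if form else None  # data present => POST
    req = urllib.request.Request(url, data=data, headers={"Accept": "application/json"})
    if token:
        req.add_header("Authorization", "Bearer " + token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def preflight(pasted_url, client_id, client_secret):
    base = normalize_base_url(pasted_url)
    token = _get_json(base + "/api/oauth/token", form={
        "grant_type": "client_credentials",
        "client_id": client_id, "client_secret": client_secret})["access_token"]
    listings = {sec: _get_json(base + path, token)[key] for sec, path, key in LISTINGS}
    return find_conflicts(listings)

if __name__ == "__main__":
    env = os.environ  # secrets are read from the environment, not the command line
    hits = preflight(env["JAMF_URL"], env["JAMF_CLIENT_ID"], env["JAMF_CLIENT_SECRET"])
    for section, pid, name in hits:
        print(f"{section}: profile id {pid} named {name!r} conflicts with {PROFILE_NAME!r}")
    print("no conflicting profiles" if not hits else f"{len(hits)} conflicting profile(s)")
```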

Integration Setup - Lumu portal

This section of the article describes the steps that must be completed on the Lumu portal to properly set up the Jamf Pro Cloud integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the Jamf Pro integration. The list is organized in alphabetical order from A to Z. Click on the Add button.

3. Familiarize yourself with the integration details in the app description and click the Activate button to start the integration setup process.

4. Provide a meaningful Name. Under Threat Types, choose the specific threat mappings you want to push to Jamf Pro. When done, click on the orange Next button.
Notes
Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.

5. Fill in the required information, as follows:
a. Under Base URL enter the Jamf Pro Cloud URL extracted from the Collect your Jamf Pro Cloud base URL section.
b. Under Client ID enter the Client ID collected in step 6 of the Create an API client section.
c. Under Client Secret enter the Client Secret collected in step 6 of the Create an API client section.
d. Once done, click on Next to continue.

6. The integration is now created and active. The Lumu Portal will display the details of the created integration.

Final Steps - Validate the Integration

Alert
We encourage you to ONLY allow the use of the Safari internet browser on your devices as this will allow the configuration profiles to enforce the Blocklisted URLs during navigation. The configuration profiles will not function properly with other browsers.
Notes
Enforcing the Jamf profile that Lumu uses to update security indicators includes Content & Privacy restrictions. Bear in mind that applying these settings to Safari will disable the Private Browsing functionality. This is expected behavior for this type of profile configuration.
Once the integration is active, it will create and maintain a Computer Configuration Profile and a Mobile Device Profile, both named Lumu IOCs. You can monitor updates in both profiles:
  • For the Computer Configuration Profile, navigate to Computers > Configuration Profiles and click on the Lumu IOCs profile. Under the Parental Control > Content Filtering > Deny URLs list, you'll find confirmed compromises found by Lumu within the preceding 3 days.
  • For the Mobile Devices Configuration Profile, navigate to Devices > Configuration Profiles and click on the Lumu IOCs profile. Under the Content Filter > BlockListed URLs list, you'll find confirmed compromises found by Lumu within the preceding 3 days.

