Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[jamf_pro]: parsing of inventory data not possible #11823

Open
northalpha opened this issue Nov 22, 2024 · 1 comment
Open

[jamf_pro]: parsing of inventory data not possible #11823

northalpha opened this issue Nov 22, 2024 · 1 comment
Labels
Integration:jamf_pro Jamf Pro needs:triage Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]

Comments

@northalpha
Copy link

Integration Name

Jamf Pro [jamf_pro]

Dataset Name

jamf_pro.inventory

Integration Version

0.1.1

Agent Version

8.15.3

Agent Output Type

elasticsearch

Elasticsearch Version

8.15.3

OS Version and Architecture

Ubuntu 22.04.5 LTS (x86_64)

Software/API Version

JAMF Pro 11.10.1-t1728656858 (on-prem)

Error Message

1:1040] object mapping for [jamf_pro.inventory.general.mdm_capable.capable_users] tried to parse field [null] as object, but found a concrete value

Tests were made with 8.15.3 but same behaviour is present in 8.16!

Event Original

{"log.level":"warn","@timestamp":"2024-11-21T09:00:07.908Z","message":"Cannot index event '{"@timestamp":"2024-11-21T08:59:57.662Z","data_stream":{"dataset":"jamf_pro.inventory","namespace":"default","type":"logs"},"event":{"dataset":"jamf_pro.inventory"},"elastic_agent":{"id":"7d22e693-5767-4942-a673-6d74b29b8afe","snapshot":false,"version":"8.15.3"},"agent":{"name":"jamfpro","type":"filebeat","version":"8.15.3","ephemeral_id":"50b9ac8b-1ee6-418f-9a4c-3445f1cf69a9","id":"7d22e693-5767-4942-a673-6d74b29b8afe"},"ecs":{"version":"8.0.0"},"message":{"storage":{"bootDriveAvailableSpaceMegabytes":871340,"disks":[{"type":"NO","partitions":[{"name":"Update","sizeMegabytes":994662,"availableMegabytes":871340,"partitionType":"OTHER","percentUsed":1,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false},{"fileVault2ProgressPercent":100,"lvmManaged":false,"name":"Macintosh HD (Boot Partition)","sizeMegabytes":994662,"availableMegabytes":871340,"partitionType":"BOOT","percentUsed":2,"fileVault2State":"ENCRYPTED"},{"availableMegabytes":871340,"partitionType":"OTHER","percentUsed":10,"fileVault2State":"ENCRYPTED","fileVault2ProgressPercent":100,"lvmManaged":false,"name":"Data","sizeMegabytes":994662},{"percentUsed":1,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false,"name":"Hardware","sizeMegabytes":524,"availableMegabytes":506,"partitionType":"OTHER"},{"partitionType":"OTHER","percentUsed":2,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false,"name":"xarts","sizeMegabytes":524,"availableMegabytes":506},{"availableMegabytes":871340,"partitionType":"OTHER","percentUsed":1,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false,"name":"VM","sizeMegabytes":994662},{"name":"Update/SFR/mnt1","sizeMegabytes":5368,"availableMegabytes":3463,"partitionType":"OTHER","percentUsed":36,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false},{"partitionType":"OTHER","percentUsed":2,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false,"name":"iSCPreboot","sizeMegabytes":524,"availableMegabytes":506},{"name":"Update/mnt1","sizeMegabytes":994662,"availableMegabytes":871340,"partitionType":"OTHER","percentUsed":2,"fileVault2State":"ENCRYPTED","fileVault2ProgressPercent":100,"lvmManaged":false},{"partitionType":"OTHER","percentUsed":2,"fileVault2State":"UNENCRYPTED","fileVault2ProgressPercent":0,"lvmManaged":false,"name":"Preboot","sizeMegabytes":994662,"availableMegabytes":871340}],"model":"APPLE SSD AP1024Z","sizeMegabytes":1.000555e+06,"serialNumber":"0ba02303c105100b","revision":"499.0.9","smartStatus":"Verified","device":"disk0","id":"305333"}]},"applications":[{"externalVersionId":"0","name":"Siri.app","path":"/System/Applications/Siri.app","version":"1.0","macAppStore":false,"sizeMegabytes":2,"bundleId":"com.apple.siri.launcher","updateAvailable":false},{"macAppStore":false,"sizeMegabytes":1,"bundleId":"com.intelliscapesolutions.caffeine","updateAvailable":false,"externalVersionId":"0","name":"Caffeine.app","path":"/Applications/Caffeine.app","version":"1.1.3"},{"macAppStore":true,"sizeMegabytes":625,"bundleId":"com.apple.iWork.Pages","updateAvailable":false,"externalVersionId":"0","name":"Pages.app","path":"/Applications/Pages.app","version":"14.1"},{"bundleId":"org.mozilla.firefox","updateAvailable":false,"externalVersionId":"0","name":"Firefox.app","path":"/Applications/Firefox.app","version":"132.0.2","macAppStore":false,"sizeMegabytes":395},{"macAppStore":false,"sizeMegabytes":13,"bundleId":"com.apple.Dictionary","updateAvailable":false,"externalVersionId":"0","name":"Dictionary.app","path":"/System/Applications/Dictionary.app","version":"2.3.0"},{"sizeMegabytes":30,"bundleId":"com.apple.Notes","updateAvailable":false,"externalVersionId":"0","name":"Notes.app","path":"/System/Applications/Notes.app","version":"4.11","macAppStore":false},{"updateAvailable":false,"externalVersionId":"0","name":"Screen Sharing.app","path":"/System/Applications/Utilities/Screen Sharing.app","version":"5.2","macAppStore":false,"sizeMegabytes":3,"bundleId":"com.apple.ScreenSharing"},{"updateAvailable":false,"externalVersionId":"0","name":"Visual Studio Code.app","path":"/Applications/Visual Studio Code.app","version":"1.95.1","macAppStore":false,"sizeMegabytes":572,"bundleId":"com.microsoft.VSCode"},{"macAppStore":true,"sizeMegabytes":3646,"bundleId":"com.apple.iMovieApp","updateAvailable":false,"externalVersionId":"0","name":"iMovie.app","path":"/Applications/iMovie.app","version":"10.4.1"},{"path":"/Applications/Webex.app","version":"44.10.1.31028","macAppStore":false,"sizeMegabytes":571,"bundleId":"Cisco-Systems.Spark","updateAvailable":false,"externalVersionId":"0","name":"Webex.app"},{"version":"3.1","macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.VoiceMemos","updateAvailable":false,"externalVersionId":"0","name":"VoiceMemos.app","path":"/System/Applications/VoiceMemos.app"},{"name":"IDLE.app","path":"/Applications/Python 3.12/IDLE.app","version":"3.12.5","macAppStore":false,"sizeMegabytes":0,"bundleId":"org.python.IDLE","updateAvailable":false,"externalVersionId":"0"},{"sizeMegabytes":2,"bundleId":"com.apple.Console","updateAvailable":false,"externalVersionId":"0","name":"Console.app","path":"/System/Applications/Utilities/Console.app","version":"1.1","macAppStore":false},{"name":"Font Book.app","path":"/System/Applications/Font Book.app","version":"11.0","macAppStore":false,"sizeMegabytes":10,"bundleId":"com.apple.FontBook","updateAvailable":false,"externalVersionId":"0"},{"version":"1.5.2","macAppStore":false,"sizeMegabytes":45,"bundleId":"com.apple.TV","updateAvailable":false,"externalVersionId":"0","name":"TV.app","path":"/System/Applications/TV.app"},{"externalVersionId":"0","name":"Image Capture.app","path":"/System/Applications/Image Capture.app","version":"8.0","macAppStore":false,"sizeMegabytes":3,"bundleId":"com.apple.Image_Capture","updateAvailable":false},{"macAppStore":false,"sizeMegabytes":2295,"bundleId":"com.microsoft.Word","updateAvailable":false,"externalVersionId":"0","name":"Microsoft Word.app","path":"/Applications/Microsoft Word.app","version":"16.91.24111020"},{"sizeMegabytes":145,"bundleId":"org.apache.directory.studio.product","updateAvailable":false,"externalVersionId":"0","name":"ApacheDirectoryStudio.app","path":"/Applications/ApacheDirectoryStudio.app","version":"2.0.0","macAppStore":false},{"updateAvailable":false,"externalVersionId":"0","name":"Safari.app","path":"/Applications/Safari.app","version":"18.2","macAppStore":false,"sizeMegabytes":14,"bundleId":"com.apple.Safari"},{"macAppStore":false,"sizeMegabytes":14,"bundleId":"com.apple.AddressBook","updateAvailable":false,"externalVersionId":"0","name":"Contacts.app","path":"/System/Applications/Contacts.app","version":"14.0"},{"macAppStore":false,"sizeMegabytes":0,"bundleId":"com.apple.screenshot.launcher","updateAvailable":false,"externalVersionId":"0","name":"Screenshot.app","path":"/System/Applications/Utilities/Screenshot.app","version":"1.0"},{"updateAvailable":false,"externalVersionId":"0","name":"Photos.app","path":"/System/Applications/Photos.app","version":"1.0","macAppStore":false,"sizeMegabytes":22,"bundleId":"com.apple.Photos"},{"updateAvailable":false,"externalVersionId":"0","name":"Rectangle.app","path":"/Applications/Rectangle.app","version":"0.84","macAppStore":false,"sizeMegabytes":8,"bundleId":"com.knollsoft.Rectangle"},{"macAppStore":false,"sizeMegabytes":39,"bundleId":"com.apple.airport.airportutility","updateAvailable":false,"externalVersionId":"0","name":"AirPort Utility.app","path":"/System/Applications/Utilities/AirPort Utility.app","version":"6.3.9"},{"macAppStore":false,"sizeMegabytes":6,"bundleId":"com.apple.Terminal","updateAvailable":false,"externalVersionId":"0","name":"Terminal.app","path":"/System/Applications/Utilities/Terminal.app","version":"2.14"},{"version":"10","macAppStore":false,"sizeMegabytes":11,"bundleId":"com.apple.VoiceOverUtility","updateAvailable":false,"externalVersionId":"0","name":"VoiceOver Utility.app","path":"/System/Applications/Utilities/VoiceOver Utility.app"},{"updateAvailable":false,"externalVersionId":"0","name":"Tunnelblick.app","path":"/Applications/Tunnelblick.app","version":"6.0beta09 (build 6130)","macAppStore":false,"sizeMegabytes":46,"bundleId":"net.tunnelblick.tunnelblick"},{"sizeMegabytes":23,"bundleId":"com.apple.reminders","updateAvailable":false,"externalVersionId":"0","name":"Reminders.app","path":"/System/Applications/Reminders.app","version":"7.0","macAppStore":false},{"name":"System Information.app","path":"/System/Applications/Utilities/System Information.app","version":"11.0","macAppStore":false,"sizeMegabytes":3,"bundleId":"com.apple.SystemProfiler","updateAvailable":false,"externalVersionId":"0"},{"updateAvailable":false,"externalVersionId":"0","name":"Numbers.app","path":"/Applications/Numbers.app","version":"14.1","macAppStore":true,"sizeMegabytes":562,"bundleId":"com.apple.iWork.Numbers"},{"version":"1.2","macAppStore":false,"sizeMegabytes":1,"bundleId":"com.apple.Passwords","updateAvailable":false,"externalVersionId":"0","name":"Passwords.app","path":"/System/Applications/Passwords.app"},{"path":"/System/Applications/Utilities/Grapher.app","version":"2.7","macAppStore":false,"sizeMegabytes":10,"bundleId":"com.apple.grapher","updateAvailable":false,"externalVersionId":"0","name":"Grapher.app"},{"bundleId":"com.apple.garageband10","updateAvailable":false,"externalVersionId":"0","name":"GarageBand.app","path":"/Applications/GarageBand.app","version":"10.4.11","macAppStore":true,"sizeMegabytes":1313},{"path":"/Applications/Self Service.app","version":"11.10.1","macAppStore":false,"sizeMegabytes":19,"bundleId":"com.jamfsoftware.selfservice.mac","updateAvailable":false,"externalVersionId":"0","name":"Self Service.app"},{"macAppStore":false,"sizeMegabytes":1792,"bundleId":"com.microsoft.Powerpoint","updateAvailable":false,"externalVersionId":"0","name":"Microsoft PowerPoint.app","path":"/Applications/Microsoft PowerPoint.app","version":"16.91.24111020"},{"updateAvailable":false,"externalVersionId":"0","name":"Preview.app","path":"/System/Applications/Preview.app","version":"11.0","macAppStore":false,"sizeMegabytes":9,"bundleId":"com.apple.Preview"},{"version":"1.5.2","macAppStore":false,"sizeMegabytes":59,"bundleId":"com.apple.Music","updateAvailable":false,"externalVersionId":"0","name":"Music.app","path":"/System/Applications/Music.app"},{"name":"Nextcloud.app","path":"/Applications/Nextcloud.app","version":"3.14.3daily","macAppStore":false,"sizeMegabytes":946,"bundleId":"com.nextcloud.desktopclient","updateAvailable":false,"externalVersionId":"0"},{"externalVersionId":"0","name":"Image Playground.app","path":"/System/Applications/Image Playground.app","version":"1.0","macAppStore":false,"sizeMegabytes":2,"bundleId":"com.apple.GenerativePlaygroundApp","updateAvailable":false},{"updateAvailable":false,"externalVersionId":"0","name":"GoTo.app","path":"/Applications/GoTo.app","version":"4.11.0","macAppStore":false,"sizeMegabytes":224,"bundleId":"com.logmein.goto"},{"name":"Messages.app","path":"/System/Applications/Messages.app","version":"14.0","macAppStore":false,"sizeMegabytes":7,"bundleId":"com.apple.MobileSMS","updateAvailable":false,"externalVersionId":"0"},{"sizeMegabytes":131,"bundleId":"com.jamf.protect.daemon","updateAvailable":false,"externalVersionId":"0","name":"JamfProtect.app","path":"/Applications/JamfProtect.app","version":"6.3.1","macAppStore":false},{"version":"1.0","macAppStore":false,"sizeMegabytes":2,"bundleId":"com.apple.printcenter","updateAvailable":false,"externalVersionId":"0","name":"Print Center.app","path":"/System/Applications/Utilities/Print Center.app"},{"version":"2.7.9","macAppStore":false,"sizeMegabytes":75,"bundleId":"org.keepassxc.keepassxc","updateAvailable":false,"externalVersionId":"0","name":"KeePassXC.app","path":"/Applications/KeePassXC.app"},{"name":"FaceTime.app","path":"/System/Applications/FaceTime.app","version":"36","macAppStore":false,"sizeMegabytes":5,"bundleId":"com.apple.FaceTime","updateAvailable":false,"externalVersionId":"0"},{"sizeMegabytes":20,"bundleId":"edu.ucsd.cs.mmccrack.bibdesk","updateAvailable":false,"externalVersionId":"0","name":"BibDesk.app","path":"/Applications/TeX/BibDesk.app","version":"1.6.14","macAppStore":false},{"name":"Shortcuts.app","path":"/System/Applications/Shortcuts.app","version":"7.0","macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.shortcuts","updateAvailable":false,"externalVersionId":"0"},{"externalVersionId":"0","name":"Keka.app","path":"/Applications/Keka.app","version":"1.4.4","macAppStore":false,"sizeMegabytes":49,"bundleId":"com.aone.keka","updateAvailable":false},{"updateAvailable":false,"externalVersionId":"0","name":"Microsoft Excel.app","path":"/Applications/Microsoft Excel.app","version":"16.91.24111020","macAppStore":false,"sizeMegabytes":2064,"bundleId":"com.microsoft.Excel"},{"bundleId":"com.apple.weather","updateAvailable":false,"externalVersionId":"0","name":"Weather.app","path":"/System/Applications/Weather.app","version":"5.0","macAppStore":false,"sizeMegabytes":16},{"updateAvailable":false,"externalVersionId":"0","name":"Clock.app","path":"/System/Applications/Clock.app","version":"1.1","macAppStore":false,"sizeMegabytes":7,"bundleId":"com.apple.clock"},{"name":"News.app","path":"/System/Applications/News.app","version":"10.2","macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.news","updateAvailable":false,"externalVersionId":"0"},{"path":"/Applications/TeX/TeXShop.app","version":"4.01","macAppStore":false,"sizeMegabytes":55,"bundleId":"TeXShop","updateAvailable":false,"externalVersionId":"0","name":"TeXShop.app"},{"name":"LaTeXiT.app","path":"/Applications/TeX/LaTeXiT.app","version":"2.10.1","macAppStore":false,"sizeMegabytes":17,"bundleId":"fr.chachatelier.pierre.LaTeXiT","updateAvailable":false,"externalVersionId":"0"},{"sizeMegabytes":1,"bundleId":"com.apple.BluetoothFileExchange","updateAvailable":false,"externalVersionId":"0","name":"Bluetooth File Exchange.app","path":"/System/Applications/Utilities/Bluetooth File Exchange.app","version":"9.0","macAppStore":false},{"bundleId":"com.apple.ScriptEditor2","updateAvailable":false,"externalVersionId":"0","name":"Script Editor.app","path":"/System/Applications/Utilities/Script Editor.app","version":"2.11","macAppStore":false,"sizeMegabytes":2},{"version":"1.1.0","macAppStore":false,"sizeMegabytes":49,"bundleId":"com.apple.podcasts","updateAvailable":false,"externalVersionId":"0","name":"Podcasts.app","path":"/System/Applications/Podcasts.app"},{"bundleId":"com.apple.iWork.Keynote","updateAvailable":false,"externalVersionId":"0","name":"Keynote.app","path":"/Applications/Keynote.app","version":"14.1","macAppStore":true,"sizeMegabytes":700},{"updateAvailable":false,"externalVersionId":"0","name":"Excalibur.app","path":"/Applications/TeX/Docs and Spell Utilities/Spelling/Excalibur-4.0.7/Excalibur.app","version":"4.0.7","macAppStore":false,"sizeMegabytes":1,"bundleId":"edu.bucknell.Excalibur"},{"updateAvailable":false,"externalVersionId":"0","name":"Python Launcher.app","path":"/Applications/Python 3.12/Python Launcher.app","version":"3.12.5","macAppStore":false,"sizeMegabytes":0,"bundleId":"org.python.PythonLauncher"},{"bundleId":"com.apple.Maps","updateAvailable":false,"externalVersionId":"0","name":"Maps.app","path":"/System/Applications/Maps.app","version":"3.0","macAppStore":false,"sizeMegabytes":68},{"version":"1.3","macAppStore":false,"sizeMegabytes":1,"bundleId":"com.apple.backup.launcher","updateAvailable":false,"externalVersionId":"0","name":"Time Machine.app","path":"/System/Applications/Time Machine.app"},{"version":"1.0","macAppStore":false,"sizeMegabytes":1,"bundleId":"com.apple.launchpad.launcher","updateAvailable":false,"externalVersionId":"0","name":"Launchpad.app","path":"/System/Applications/Launchpad.app"},{"name":"ColorSync Utility.app","path":"/System/Applications/Utilities/ColorSync Utility.app","version":"12.1.0","macAppStore":false,"sizeMegabytes":3,"bundleId":"com.apple.ColorSyncUtility","updateAvailable":false,"externalVersionId":"0"},{"bundleId":"com.apple.Chess","updateAvailable":false,"externalVersionId":"0","name":"Chess.app","path":"/System/Applications/Chess.app","version":"3.18","macAppStore":false,"sizeMegabytes":6},{"sizeMegabytes":113,"bundleId":"com.sublimetext.4","updateAvailable":false,"externalVersionId":"0","name":"Sublime Text.app","path":"/Applications/Sublime Text.app","version":"Build 4180","macAppStore":false},{"name":"Element.app","path":"/Applications/Element.app","version":"1.11.86","macAppStore":false,"sizeMegabytes":524,"bundleId":"im.riot.app","updateAvailable":false,"externalVersionId":"0"},{"name":"Boot Camp Assistant.app","path":"/System/Applications/Utilities/Boot Camp Assistant.app","version":"6.1.0","macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.bootcampassistant","updateAvailable":false,"externalVersionId":"0"},{"externalVersionId":"0","name":"Mail.app","path":"/System/Applications/Mail.app","version":"16.0","macAppStore":false,"sizeMegabytes":27,"bundleId":"com.apple.mail","updateAvailable":false},{"updateAvailable":false,"externalVersionId":"0","name":"corpapp.app","path":"/Applications/corp/corpapp.app","version":"1.2.4","macAppStore":false,"sizeMegabytes":82,"bundleId":"com.corp.corpapp"},{"path":"/Applications/DisplayLink Manager.app","version":"1.11.0","macAppStore":false,"sizeMegabytes":17,"bundleId":"com.displaylink.DisplayLinkUserAgent","updateAvailable":false,"externalVersionId":"0","name":"DisplayLink Manager.app"},{"path":"/System/Applications/FindMy.app","version":"4.0","macAppStore":false,"sizeMegabytes":33,"bundleId":"com.apple.findmy","updateAvailable":false,"externalVersionId":"0","name":"FindMy.app"},{"version":"10.5","macAppStore":false,"sizeMegabytes":6,"bundleId":"com.apple.QuickTimePlayerX","updateAvailable":false,"externalVersionId":"0","name":"QuickTime Player.app","path":"/System/Applications/QuickTime Player.app"},{"path":"/System/Applications/Utilities/Digital Color Meter.app","version":"5.26","macAppStore":false,"sizeMegabytes":1,"bundleId":"com.apple.DigitalColorMeter","updateAvailable":false,"externalVersionId":"0","name":"Digital Color Meter.app"},{"version":"2.5.8","macAppStore":false,"sizeMegabytes":491,"bundleId":"com.sipgate.desktop","updateAvailable":false,"externalVersionId":"0","name":"Sipgate CLINQ.app","path":"/Applications/Sipgate CLINQ.app"},{"updateAvailable":false,"externalVersionId":"0","name":"Migration Assistant.app","path":"/System/Applications/Utilities/Migration Assistant.app","version":"15.2","macAppStore":false,"sizeMegabytes":1,"bundleId":"com.apple.MigrateAssistant"},{"bundleId":"com.apple.ActivityMonitor","updateAvailable":false,"externalVersionId":"0","name":"Activity Monitor.app","path":"/System/Applications/Utilities/Activity Monitor.app","version":"10.14","macAppStore":false,"sizeMegabytes":4},{"path":"/System/Applications/TextEdit.app","version":"1.20","macAppStore":false,"sizeMegabytes":2,"bundleId":"com.apple.TextEdit","updateAvailable":false,"externalVersionId":"0","name":"TextEdit.app"},{"path":"/System/Applications/Calendar.app","version":"15.0","macAppStore":false,"sizeMegabytes":7,"bundleId":"com.apple.iCal","updateAvailable":false,"externalVersionId":"0","name":"Calendar.app"},{"bundleId":"com.apple.stocks","updateAvailable":false,"externalVersionId":"0","name":"Stocks.app","path":"/System/Applications/Stocks.app","version":"7.1","macAppStore":false,"sizeMegabytes":3},{"updateAvailable":false,"externalVersionId":"0","name":"Feedback Assistant.app","path":"/Applications/Utilities/Feedback Assistant.app","version":"5.1","macAppStore":false,"sizeMegabytes":6,"bundleId":"com.apple.appleseed.FeedbackAssistant"},{"path":"/System/Applications/Photo Booth.app","version":"13.1","macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.PhotoBooth","updateAvailable":false,"externalVersionId":"0","name":"Photo Booth.app"},{"externalVersionId":"0","name":"Mac Evaluation Utility.app","path":"/Applications/Mac Evaluation Utility.app","version":"4.6.3","macAppStore":false,"sizeMegabytes":33,"bundleId":"com.apple.MacEvalUtility","updateAvailable":false},{"name":"Home.app","path":"/System/Applications/Home.app","version":"9.0","macAppStore":false,"sizeMegabytes":5,"bundleId":"com.apple.Home","updateAvailable":false,"externalVersionId":"0"},{"externalVersionId":"0","name":"Nudge.app","path":"/Applications/Utilities/Nudge.app","version":"2.0.11.81805","macAppStore":false,"sizeMegabytes":3,"bundleId":"com.github.macadmins.Nudge","updateAvailable":false},{"macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.DiskUtility","updateAvailable":false,"externalVersionId":"0","name":"Disk Utility.app","path":"/System/Applications/Utilities/Disk Utility.app","version":"22.7"},{"version":"3.5.10","macAppStore":false,"sizeMegabytes":98,"bundleId":"com.googlecode.iterm2","updateAvailable":false,"externalVersionId":"0","name":"iTerm.app","path":"/Applications/iTerm.app"},{"externalVersionId":"0","name":"System Settings.app","path":"/System/Applications/System Settings.app","version":"15.0","macAppStore":false,"sizeMegabytes":7,"bundleId":"com.apple.systempreferences","updateAvailable":false},{"updateAvailable":false,"externalVersionId":"0","name":"Automator.app","path":"/System/Applications/Automator.app","version":"2.10","macAppStore":false,"sizeMegabytes":4,"bundleId":"com.apple.Automator"},{"version":"7.2","macAppStore":false,"sizeMegabytes":54,"bundleId":"com.apple.iBooksX","updateAvailable":false,"externalVersionId":"0","name":"Books.app","path":"/System/Applications/Books.app"},{"sizeMegabytes":114,"bundleId":"com.sublimemerge","updateAvailable":false,"externalVersionId":"0","name":"Sublime Merge.app","path":"/Applications/Sublime Merge.app","version":"Build 2102","macAppStore":false},{"externalVersionId":"0","name":"Mission Control.app","path":"/System/Applications/Mission Control.app","version":"1.2","macAppStore":false,"sizeMegabytes":0,"bundleId":"com.apple.exposelauncher","updateAvailable":false},{"macAppStore":false,"sizeMegabytes":1,"bundleId":"com.apple.Stickies","updateAvailable":false,"externalVersionId":"0","name":"Stickies.app","path":"/System/Applications/Stickies.app","version":"10.3"},{"version":"1.54","macAppStore":false,"sizeMegabytes":126,"bundleId":"com.googlecode.mactlmgr.tlu","updateAvailable":false,"externalVersionId":"0","name":"TeX Live Utility.app","path":"/Applications/TeX/TeX Live Utility.app"},{"version":"1.2.50.335","macAppStore":false,"sizeMegabytes":312,"bundleId":"com.spotify.client","updateAvailable":false,"externalVersionId":"0","name":"Spotify.app","path":"/Applications/Spotify.app"},{"bundleId":"com.apple.helpviewer","updateAvailable":false,"externalVersionId":"0","name":"Tips.app","path":"/System/Applications/Tips.app","version":"15.2","macAppStore":false,"sizeMegabytes":4},{"version":"1.2","macAppStore":false,"sizeMegabytes":5,"bundleId":"com.apple.ScreenContinuity","updateAvailable":false,"externalVersionId":"0","name":"iPhone Mirroring.app","path":"/System/Applications/iPhone Mirroring.app"},{"externalVersionId":"0","name":"Audio MIDI Setup.app","path":"/System/Applications/Utilities/Audio MIDI Setup.app","version":"3.6","macAppStore":false,"sizeMegabytes":9,"bundleId":"com.apple.audio.AudioMIDISetup","updateAvailable":false},{"externalVersionId":"0","name":"Calculator.app","path":"/System/Applications/Calculator.app","version":"11.0","macAppStore":false,"sizeMegabytes":2,"bundleId":"com.apple.calculator","updateAvailable":false},{"name":"Freeform.app","path":"/System/Applications/Freeform.app","version":"3.2","macAppStore":false,"sizeMegabytes":28,"bundleId":"com.apple.freeform","updateAvailable":false,"externalVersionId":"0"},{"bundleId":"com.apple.AppStore","updateAvailable":false,"externalVersionId":"0","name":"App Store.app","path":"/System/Applications/App Store.app","version":"3.0","macAppStore":false,"sizeMegabytes":15}],"certificates":null,"packageReceipts":null,"fonts":null,"printers":null,"ibeacons":null,"extensionAttributes":null,"contentCaching":null,"diskEncryption":{"diskEncryptionConfigurationName":null,"fileVault2EligibilityMessage":"Eligible","fileVault2EnabledUserNames":["user1.usersurname"],"bootPartitionEncryptionDetails":{"partitionFileVault2State":"ENCRYPTED","partitionFileVault2Percent":100,"partitionName":"Macintosh HD (Boot Partition)"},"individualRecoveryKeyValidityStatus":"VALID","institutionalRecoveryKeyPresent":false},"id":"51","services":null,"userAndLocation":{"realname":"user1 usersurname","phone":null,"buildingId":null,"email":"[email protected]","departmentId":null,"username":"user1.usersurname","room":null,"extensionAttributes":[],"position":null},"udid":"1666666-9999-0000-97E6-555555560D2","attachments":null,"security":{"gatekeeperStatus":"APP_STORE_AND_IDENTIFIED_DEVELOPERS","firewallEnabled":true,"bootstrapTokenAllowed":null,"bootstrapTokenEscrowedStatus":"ESCROWED","externalBootLevel":"ALLOW_BOOTING_FROM_EXTERNAL_MEDIA","recoveryLockEnabled":true,"secureBootLevel":"FULL_SECURITY","remoteDesktopEnabled":false,"xprotectVersion":"5283","activationLockEnabled":false,"sipStatus":"ENABLED","autoLoginDisabled":true},"plugins":null,"localUserAccounts":[{"homeDirectorySizeMb":-1,"computerAzureActiveDirectoryId":null,"fullName":"user1 usersurname","homeDirectory":"/Users/user1.usersurname","passwordRequireAlphanumeric":false,"username":"user1.usersurname","passwordMaxAge":null,"userAccountType":"LOCAL","azureActiveDirectoryId":null,"fileVault2Enabled":true,"passwordMinLength":4,"passwordMinComplexCharacters":null,"admin":true,"uid":"501","passwordHistoryDepth":null,"userGuid":"55555555-6666-7777-8888-999999999","userAzureActiveDirectoryId":null}],"configurationProfiles":null,"softwareUpdates":[{"name":"macOS Sequoia 15.2 Beta 3","packageName":"macOS Sequoia 15.2 Beta 3-24C5089c","version":"15.2"}],"operatingSystem":{"name":"macOS","version":"15.2.0","fileVault2Status":"BOOT_ENCRYPTED","rapidSecurityResponse":null,"activeDirectoryStatus":"Not Bound","extensionAttributes":[],"supplementalBuildVersion":"24C5079e","softwareUpdateDeviceId":"J615AP","build":"24C5079e"},"hardware":{"altNetworkAdapterType":"Ethernet","modelIdentifier":"Mac15,13","nicSpeed":"1 Gbps","processorSpeedMhz":0,"batteryCapacityPercent":1,"altMacAddress":"36:A1:XX:XX:XX:XX","model":"MacBook Air (15-inch, M3, 2024)","processorArchitecture":"arm64","extensionAttributes":[{"enabled":true,"description":null,"dataType":"DATE_TIME","options":[],"definitionId":"18","multiValue":false,"values":["2027-08-16 02:00:00"],"name":"Warranty valid until","inputType":"SCRIPT"}],"coreCount":8,"totalRamMegabytes":24576,"macAddress":"84:94:37:XX:XX:XX","cacheSizeKilobytes":0,"processorCount":1,"processorType":"Apple M3","serialNumber":"xxxxxxxxxx","bleCapable":false,"networkAdapterType":"IEEE80211","make":"Apple","opticalDrive":null,"supportsIosAppInstalls":true,"smcVersion":null,"openRamSlots":0,"busSpeedMhz":0,"appleSilicon":true,"bootRom":"11881.60.608.501.1"},"licensedSoftware":null,"purchasing":null,"general":{"supervised":true,"distributionPoint":null,"barcode1":null,"userApprovedMdm":true,"lastEnrolledDate":"2024-08-22T18:34:28.35Z","declarativeDeviceManagementEnabled":true,"platform":"Mac","lastCloudBackupDate":null,"enrollmentMethod":{"id":"1","objectName":"macOS Prod 04.07.23","objectType":"PreStage enrollment"},"site":{"id":"-1","name":"None"},"lastReportedIp":"192.168.1.123","jamfBinaryVersion":"11.10.1-t1728656858","mdmProfileExpiration":"2026-08-22T18:34:08Z","reportDate":"2024-11-21T08:06:50.272Z","lastIpAddress":"172.31.0.5","enrolledViaAutomatedDeviceEnrollment":true,"name":"neutronstar","remoteManagement":{"managementUsername":null,"managed":true},"assetTag":null,"initialEntryDate":"2024-08-22","managementId":"66666666-4444-4333-2222-11111111111","extensionAttributes":[{"enabled":true,"values":[],"dataType":"STRING","description":"Extension Attribute provided by JAMF Nation patch service","multiValue":false,"definitionId":"15","inputType":"SCRIPT","options":[],"name":"jamf-patch-eclipse-for-java"},{"options":[],"name":"jamf-patch-python-3","inputType":"SCRIPT","description":"Extension Attribute provided by JAMF Nation patch service","multiValue":false,"values":["|3.12.5|"],"dataType":"STRING","enabled":true,"definitionId":"25"},{"dataType":"STRING","name":"jamf-patch-yubikey-manager","definitionId":"17","options":[],"enabled":true,"values":[],"multiValue":false,"description":"Extension Attribute provided by JAMF Nation patch service","inputType":"SCRIPT"},{"multiValue":false,"inputType":"SCRIPT","values":["2.5.1"],"enabled":true,"options":[],"definitionId":"13","name":"jamf-patch-swiftdialog","dataType":"STRING","description":"Extension Attribute provided by JAMF Nation patch service"},{"enabled":true,"inputType":"SCRIPT","multiValue":false,"name":"jamf-patch-caffeine","dataType":"STRING","definitionId":"9","values":["|1.1.3|"],"description":"Extension Attribute provided by JAMF Nation patch service","options":[]},{"values":["|132.0.2|"],"dataType":"STRING","description":"Extension Attribute provided by JAMF Nation patch service","inputType":"SCRIPT","enabled":true,"multiValue":false,"options":[],"definitionId":"10","name":"jamf-patch-mozilla-firefox"},{"description":"Extension Attribute provided by JAMF Nation patch service","options":[],"definitionId":"11","values":["3.14.3.0"],"enabled":true,"multiValue":false,"inputType":"SCRIPT","name":"jamf-patch-nextcloud","dataType":"STRING"},{"values":[],"description":"Extension Attribute provided by JAMF Nation patch service","definitionId":"12","multiValue":false,"name":"jamf-patch-opera","inputType":"SCRIPT","options":[],"dataType":"STRING","enabled":true},{"enabled":true,"inputType":"SCRIPT","description":"Extension Attribute provided by JAMF Nation patch service","options":[],"multiValue":false,"dataType":"STRING","values":[],"name":"jamf-patch-jamf-protect","definitionId":"14"},{"description":"Extension Attribute provided by JAMF Nation patch service","values":["4.76.24101387"],"name":"jamf-patch-microsoft-autoupdate","inputType":"SCRIPT","dataType":"STRING","enabled":true,"definitionId":"16","multiValue":false,"options":[]}],"mdmCapable":{"capable":true,"capableUsers":["user1.usersurname"]},"barcode2":null,"lastContactTime":"2024-11-21T08:44:00.692Z","itunesStoreAccountActive":true},"groupMemberships":null},"tags":["forwarded"],"input":{"type":"cel"}}\n' (status=400): {"type":"document_parsing_exception","reason":"[1:1028] object mapping for [jamf_pro.inventory.general.mdm_capable.capable_users] tried to parse field [null] as object, but found a concrete value"}, dropping event!","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"cel-default","type":"cel"},"log":{"source":"cel-default"},"log.origin":{"file.line":489,"file.name":"elasticsearch/client.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).applyItemStatus"},"service.name":"filebeat","log.type":"event","ecs.version":"1.6.0","log.logger":"elasticsearch","ecs.version":"1.6.0"}

What did you do?

- data_stream:
    namespace: default
  id: cel-general_settings-f45920bb-83c3-427c-b71b-2db32373ef47
  meta:
    package:
      name: jamf_pro
      version: 0.1.1
  name: jamf-jamf-pro
  package_policy_id: f45920bb-83c3-427c-b71b-2db32373ef47
  revision: 9
  streams:
  - auth:
      oauth2:
        client:
          id: <redacted>
          secret: <redacted>
        endpoint_params:
          grant_type: client_credentials
        token_url: https://jamf.corp.tld:8443/api/oauth/token
    config_version: 2
    data_stream:
      dataset: jamf_pro.inventory
      type: logs
    id: cel-jamf_pro.inventory-f45920bb-83c3-427c-b71b-2db32373ef47
    interval: 24h
    keep_null: true
    max_executions: null
    program: "request(\n\t\"GET\",\n\tstate.url.trim_right(\"/\") + \"?\" + {\n\t\t\"section\":
      state.sections,\n\t\t\"page-size\": [string(state.page_size)],\n\t\t\"sort\":
      [\"general.reportDate:asc\"],\n\t\t?\"filter\": (has(state.?cursor.last_report_date)
      && state.?cursor.last_report_date.orValue(\"\") != \"\") ?\n\t\t\toptional.of([\"general.reportDate>=\\\"\"
      + state.cursor.last_report_date + \"\\\"\"])\n\t\t:\n\t\t\toptional.none(),\n\t}.format_query()\n).with(\n\t{\n\t\t\"Header\":
      {\n\t\t\t\"Content-Type\": [\"application/json\"],\n\t\t},\n\t}\n).do_request().as(resp,\n\tbytes(resp.Body).decode_json().as(body,
      (resp.StatusCode != 200) ?\n\t\t{\n\t\t\t\"events\": [\n\t\t\t\t{\n\t\t\t\t\t\"error\":
      {\"message\": \"response: \" + string(resp.StatusCode)},\n\t\t\t\t\t\"event\":
      {\"original\": resp.Body},\n\t\t\t\t},\n\t\t\t],\n\t\t}\n\t:\n\t\tstate.with(\n\t\t\t{\n\t\t\t\t\"events\":
      body.results.map(e,\n\t\t\t\t\t{\n\t\t\t\t\t\t\"message\": e,\n\t\t\t\t\t\t?\"event.original\":
      state.?preserve_original_event.orValue(false) ? optional.of(e.encode_json())
      : optional.none(),\n\t\t\t\t\t}\n\t\t\t\t),\n\t\t\t\t\"want_more\": body.totalCount
      > size(body.results),\n\t\t\t\t\"cursor\": {\n\t\t\t\t\t\"last_report_date\":
      (size(body.results) == 0 || size(body.results) == body.totalCount) ?\n\t\t\t\t\t\tstate.?cursor.last_report_date.orValue(\"\")\n\t\t\t\t\t:\n\t\t\t\t\t\tstring(body.results[size(body.results)
      - 1].general.reportDate),\n\t\t\t\t},\n\t\t\t}\n\t\t)\n\t)\n)"
    publisher_pipeline:
      disable_host: true
    resource:
      timeout: null
      url: https://jamf.corp.tld:8443/api/v1/computers-inventory
    state:
      page_size: 100
      preserve_original_event: false
      sections:
      - GENERAL
      - HARDWARE
      - OPERATING_SYSTEM
      - DISK_ENCRYPTION
      - APPLICATIONS
      - STORAGE
      - USER_AND_LOCATION
      - LOCAL_USER_ACCOUNTS
      - SECURITY
      - SOFTWARE_UPDATES
    tags:
    - forwarded
  type: cel
  use_output: default

What did you see?

inventory data is nit loaded into ES, error logs suggest mapping / parsing error

What did you expect to see?

Load the inventory data into ES

Anything else?

We got it working, adding a custom mapping with:

POST _component_template/logs-jamf_pro.inventory@custom
{
  "template": {
    "mappings": {
      "properties": {
        "jamf_pro": {
          "properties": {
            "inventory": {
              "properties": {
                "disk_encryption": {
                    "properties": {
                        "file_vault2enabled_user_names": {
                            "type": "keyword"
                        }
                    }
                },
                "general": {
                  "properties": {
                    "mdm_capable": {
                      "properties": {
                        "capable_users": {
                          "type": "keyword"
                        }
                      }
                    },
                    "enrollment_method": {
                      "type": "object"
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}

maybe the API fro JAMF changed? https://developer.jamf.com/jamf-pro/changelog list some changes for /v1/computer-inventory/
@andrewkroh andrewkroh added Integration:jamf_pro Jamf Pro Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations] labels Nov 22, 2024
@elasticmachine
Copy link

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Integration:jamf_pro Jamf Pro needs:triage Team:Security-Service Integrations Security Service Integrations Team [elastic/security-service-integrations]
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andrewkroh @northalpha @elasticmachine