Skip to main content
Applies to BloodHound Enterprise and CE This page covers configuring the Jamf collector for your JAMF Pro tenant.

Prerequisites

  • OpenHound installed with the Jamf collector included. Follow the OpenHound installation instructions to set up OpenHound for BloodHound Community Edition. The Jamf collector is included by default in the OpenHound container image.
  • A JAMF Pro account with permissions to access the JAMF Pro API. See the options below for recommended roles and permissions.
Create a new account directly assigned or part of a group assigned the “Auditor” default JAMF Pro role with “Full Access”. This account will have restricted read permissions to JAMF Pro objects.

Administrator Account

The Jamf collector can authenticate using username and password for an account that has the default “Administrator” role with “Full Access” or member of a group with the “Administrator” role and “Full Access”. This is the least secure option and does not follow the best practice of least-privilege.

Configure OpenHound

The following OpenHound configuration parameters are required to run the Jamf collector. These can either be set via the [sources.source.jamf] section of the secrets file or via environment variables using the SOURCES__SOURCE__JAMF prefix.
Parameter NameEnvironment VariableDescription
username{PREFIX}__USERNAMEThe username of the account used to authenticate to the JAMF Pro API.
password{PREFIX}__PASSWORDThe password of the account used to authenticate to the JAMF Pro API.
host{PREFIX}__HOSTThe full host/url of the JAMF Pro tenant. For example: https://jamf.example.com.

Example Configuration

secrets.toml
[sources.source.jamf]
username = "myusername"
host = "https://tenant.jamfcloud.com"
password = "mypassword"

Running OpenHound and Collecting Data

After you set the required configuration parameters, run OpenHound to start the collector and collect data from your . The collector will generate JSON files in the output directory that can be uploaded to BloodHound for analysis.