Paste the json schema in the "Custom Schema" field when creating a configuration profile in Jamf.
Click the "Properties" tab to edit and configure settings
Full text of the configuration profile schema to paste into Jamf web console.
{
"title": "cmdReporter Settings",
"description": "Domain: com.cmdsec.cmdreporter",
"options": {
"remove_empty_properties": true
},
"properties":
{
"AuditLevel":
{
"type": "integer",
"title": "AuditLevel",
"description": "Log Verbosity Level. Recommended: 1 or 2",
"enum": [1, 2, 3],
"enum_titles": [1, 2, 3],
"default": 1
},
"AuditEventLogVerboseMessages":
{
"type": "boolean",
"title": "AuditEventLogVerboseMessages",
"default": false,
"description": "Log messages cmdReporter deems non-critical. Recommended: false"
},
"AuditEventExcludedUsers":
{
"type": "array",
"description": "Users to exclude from audit logging. Recommended: None",
"title": "AuditEventExcludedUsers",
"options":
{
"infoText": "Key: AllowedEmailDomains"
},
"items":
{
"type": "string",
"title": "Excluded User",
"options":
{
"inputAttributes":
{
"placeholder": "dan"
}
}
}
},
"AuditEventExcludedProcesses":
{
"type": "array",
"title": "AuditEventExcludedProcesses",
"description": "Applications or processes to exclude from logging. Recommended: Only other security software",
"items":
{
"type": "string",
"title": "Excluded Processes",
"options":
{
"inputAttributes":
{
"placeholder": "/Applications/Security Tool.app"
}
}
}
},
"LogRemoteEndpointEnabled":
{
"type": "boolean",
"title": "LogRemoteEndpointEnabled",
"description": "Master switch for sending logs to remote destinations. Recommended: true",
"default": true
},
"LogRemoteEndpointURL":
{
"type": "string",
"title": "LogRemoteEndpointURL",
"description": "Full URL with port number where logs will be sent.",
"options":
{
"inputAttributes":
{
"placeholder": "https://company.splunk.server:443/services/collector/raw"
}
}
},
"LogRemoteEndpointType":
{
"type": "string",
"title": "LogRemoteEndpointType",
"description": "Switch which configuration is used for remote transmission. LogRemoteEndpoint(value) are additional configurations. Recommended: Splunk",
"enum": ["Syslog", "REST", "Kafka", "Splunk", "TLS", "AWSKinesis"],
"enum_titles": ["Syslog", "REST", "Kafka", "Splunk", "TLS", "AWSKinesis"],
"default": "Splunk"
},
"LogRemoteEndpointAWSKinesis":
{
"type": "object",
"title": "LogRemoteEndpointAWSKinesis",
"description": "Send logs directly to an AWS Kinesis stream",
"properties":
{
"AccessKeyID":
{
"type": "string",
"title": "AWS Access Key ID",
"description": "(Required) AWS Access Key ID",
"options":
{
"inputAttributes":
{
"placeholder": "EJNPQUNWGIJ..."
}
}
},
"SecretKey":
{
"type": "string",
"title": "AWS Secret Key",
"description": "(Required) AWS Secret Key",
"options":
{
"inputAttributes":
{
"placeholder": "vOQd2pqNMyNR3..."
}
}
},
"StreamName":
{
"type": "string",
"title": "AWS Kinesis Stream Name",
"description": "(Required) AWS Kinesis Stream Name (NOT ARN)",
"options":
{
"inputAttributes":
{
"placeholder": "cmdReporter"
}
}
},
"Region":
{
"type": "string",
"title": "Region",
"description": "(Required)",
"default": "us-east-1"
}
}
},
"LogRemoteEndpointKafka":
{
"type": "object",
"title": "LogRemoteEndpointKafka",
"description": "Configure certificate and topic for Apache Kafka",
"properties":
{
"TopicName":
{
"type": "string",
"title": "TopicName",
"description": "(Required) Kafka topic cmdReporter will publish to",
"default": "cmdReporter"
},
"TLSServerCertificate":
{
"type": "array",
"title": "TLSServerCertificate",
"description": "(Required) Common names for server certificate trust chain.",
"items":
{
"type": "string",
"title": "Certificate Common Name",
"options":
{
"infoText": "Maps to Kafka setting ssl.ca.location",
"inputAttributes":
{
"placeholder": "Apple Root CA - G2"
}
}
}
},
"TLSClientCertificate":
{
"type": "array",
"title": "TLSClientCertificate",
"description": "(Optional) common name of client certificate in system keychain.",
"options":
{
"infoText": "Maps to Kafka setting ssl.certificate.location",
"inputAttributes":
{
"placeholder": "server_name.company.com"
}
}
},
"TLSClientPrivateKey":
{
"type": "string",
"title": "TLSClientPrivateKey",
"description": "(Optional) PEM formatted client private key",
"options":
{
"infoText": "Maps to Kafka setting ssl.key.location",
"inputAttributes":
{
"placeholder": "-----BEGIN CERTIFICATE-----..."
}
}
}
}
},
"LogRemoteEndpointREST":
{
"type": "object",
"title": "LogRemoteEndpointREST",
"description": "REST or Splunk HEC settings. PublicKeyHash applies to both methods.",
"properties":
{
"PublicKeyHash":
{
"type": "string",
"title": "PublicKeyHash",
"description": "(Required) REST or Splunk HEC API key"
}
}
},
"LogRemoteEndpointTLS":
{
"type": "object",
"title": "LogRemoteEndpointTLS",
"description": "",
"properties":
{
"TLSServerCertificate":
{
"type": "array",
"title": "TLSServerCertificate",
"description": "(Required) Common names for server certificate trust chain.",
"items":
{
"type": "string",
"title": "Certificate Common Name",
"options":
{
"inputAttributes":
{
"placeholder": "Apple Root CA - G2"
}
}
}
}
}
},
"UnifiedLogPredicates":
{
"type": "array",
"title": "UnifiedLogPredicates",
"description": "Search terms that will be collected from the unified log systems.",
"items":
{
"type": "string",
"title": "Predicates",
"description": "Search terms that will be collected from the unified log systems.",
"options":
{
"inputAttributes":
{
"placeholder": "(subsystem == \"com.apple.securityd\")"
}
}
}
},
"LicenseEmail":
{
"type": "string",
"title": "LicenseEmail",
"description": "(Required)",
"placeholder": "name@company.com"
},
"LicenseExpirationDate":
{
"type": "string",
"title": "LicenseExpirationDate",
"description": "(Required) Format: 01/20/2020",
"placeholder": "01/20/2020"
},
"LicenseKey":
{
"type": "string",
"title": "LicenseKey",
"description": "(Required)",
"placeholder": "asdfh38chdj..."
},
"LicenseType":
{
"type": "string",
"title": "LicenseType",
"enum": ["Trial", "Annual"],
"enum_titles": ["Trial", "Annual"],
"default": "Annual",
"description": "(Required)"
},
"LicenseVersion":
{
"type": "string",
"title": "LicenseVersion",
"description": "(Required) Always leave at 1",
"default": "1"
},
"LogFileMaxNumberBackups":
{
"type": "integer",
"title": "LogFileMaxNumberBackups",
"description": "Maximum number of archived backups to keep before deleting oldest.",
"default": "10"
},
"LogFileMaxSizeMegaBytes":
{
"type": "integer",
"title": "LogFileMaxSizeMegaBytes",
"description": "Maximum log file size before rotating.",
"default": "50"
},
"LogFileOwnership":
{
"type": "string",
"title": "LogFileOwnership",
"description": "User and group ownership of log files",
"default": "root:wheel"
},
"LogFilePermission":
{
"type": "string",
"title": "LogFilePermission",
"description": "Octal permissions for live and archived log files.",
"default": "644"
},
"SecurityBaseline":
{
"type": "string",
"title": "SecurityBaseline",
"description": "Name of the security baseline to report on",
"enum": ["800-53_high","800-53_low","800-53_moderate","cnssi-1253","all_rules"],
"enum_titles": ["NIST 800-53_high","NIST 800-53_low","NIST 800-53_moderate","cnssi-1253","all_rules"],
"default": "all_rules"
},
"SecurityBaselineReportingInterval":
{
"type": "integer",
"title": "SecurityBaselineReportingInterval",
"description": "Number of minutes between security baseline reports.",
"default": "720"
},
"ProhibitedApps":
{
"type": "object",
"title": "ProhibitedApps",
"description": "Configure applications to be blocked from user sessions.",
"properties":
{
"PAExecutableNames":
{
"type": "array",
"title": "PAExecutableNames",
"description": "Process names to block from launching from a user session.",
"items":
{
"type": "string",
"title": "Executable Name",
"options":
{
"inputAttributes":
{
"placeholder": "fdesetup"
}
}
}
},
"PASigningIdentifiers":
{
"type": "array",
"title": "PASigningIdentifiers",
"description": "Process signing IDs to block from launching from a user session.",
"items":
{
"type": "string",
"title": "Executable App Signing ID",
"options":
{
"inputAttributes":
{
"placeholder": "com.apple.fdesetup"
}
}
}
},
"PATeamIdentifiers":
{
"type": "array",
"title": "PATeamIdentifiers",
"description": "Process team IDs to block from launching from a user session",
"items":
{
"type": "string",
"title": "Executable App Signing ID",
"options":
{
"inputAttributes":
{
"infoText": "This is the team ID for Wireshark as an example.",
"placeholder": "7Z6EMTD2C6"
}
}
}
}
}
}
}
}
