Splunk Enterprise is a self-hosted version of Splunk — a security information and event management (SIEM) solution that allows organizations to collect, index, report, and present data from multiple sources. Since a few months ago there is a new option in Splunk to connect with Jamf Pro, an Apple device management, MDM and inventory solution.

Once the desired data is in Splunk, it’s simple to start searching across log, event and other data. This time, we’ll look at how inventory data is pulled from Jamf Pro into Splunk Enterprise with a dedicated Splunk Add-on.

For this tutorial, we will set up a…


Splunk is a security information and event management (SIEM) solution that allows organizations to collect, index, report, and present data from multiple sources.

Zentral is a centralized service that gathers event data from multiple sources and deploys configurations to multiple services. It allows for orchestration and event management with certain macOS security components, such as Osquery for endpoint visibility and Google’s Santa binary authorization system, and links events with an inventory (Jamf Pro, Munki, PuppetDB, et al.).

Zentral is built on top of the popular Elastic Stack; by default, Elasticsearch is the primary data store when searching for historical events…


Last week on Friday, Taylor Boyko, Founder and CEO at SimpleMDM, announced they will launch Munki powered by SimpleMDM shortly after the MacDevOps:YVR conference.

The full-length announcement can be read here

Now, just a few days later, the technology preview is already live at the customers that have requested to be…


In the middle of last week, the National Institute of Standards and Technology released an exciting open-source framework on GitHub: macos_security.

macos_security — a macOS Security Compliance Project

The project helps to set up and organize security baselines and technical security controls in a structured, formalized fashion.

The intention is to provide a unified way to define and set security controls on the macOS platform. The project is scoped mostly towards System Administrators, Security Researchers, and Vendors.

The project’s FAQ gives a great summary of its motives here:


This is a short step-by-step instruction on how to start a Zentral-all-in-one deployment on Amazon AWS. To make it even easier for you to follow along, we’ve recorded a screencast (4:25) to complement this blog post.

Quick steps for a Zentral AWS deployment: a walk-through in less than 5 minutes.

For a full reference and in-depth version of the AWS / EC2 instructions go and check out the Wiki here.

Deployment Prerequisites

There are a few requirements to deploy Zentral-all-in-one (ZAIO) on AWS. You need to have:

  • An active AWS account (note: running on a t2.micro instance in AWS free will unfortunately not…

In this post we’ll look at how to enable Single Sign-On (SSO) authentication for Zentral based on Azure AD/O365. So in case you already use Azure as your SAML 2.0 provider, we’ll show how to quickly enable Azure-based sign-in for a Zentral instance.

Preparations in Azure

Before we start to activate SSO on the Zentral server side, we’ll need to set up the basics in Azure. For a common Azure-based SSO setup you’ll have to create a new Azure Enterprise App and activate its SAML 2.0 setting.

  1. Log into your Azure account
  2. Locate the Azure Active Directory (AAD) service
  3. Scroll down to…

We continuously update the Zentral codebase, and recently we’ve merged our latest dev branch into master. Why is that worth a full blog post? Well, we’ve built some nice new updates into Zentral, so you’ll probably want to check them out in more detail. Let’s start with a quick overview of the latest enhancements and dive a bit into our reorganized inventory view and the newly introduced “drilldown” functionality.

Ok, so what’s new?

Inventory quick drilldown

Functionality and Code updates

This is a list of noteworthy additions that we’d like to emphasize for our spring release of Zentral:

  • A reorganized inventory view with a new drilldown user-interface (UI)
  • Based on drilldown you’ll…

Welcome to the fourth episode on getting Zentral-all-in-one up and running on Google Cloud Platform. In this chapter we enable an SSO setup using Okta as our SAML provider. A similar setup will also work with Google G Suite, and many other SAML 2.0 providers should work for SSO into your Zentral server as well.

Note: We have only tested GSuite and Okta here. Let us know of other SAML providers you’ve used.

Preparation

Log into Okta and create a new custom App. You must select the SAML 2.0 protocol here.


Introduction

Welcome back to our third tutorial in a series on Zentral. In this chapter we peek into internal settings, run a few Linux systemd commands, and inspect server-side processes and workers on the command line as well as in the Prometheus 2.0 interface.

From the previous chapter we already know that if we see an HTTP 502 status code instead of the Kibana 6 interface, the systemctl commands below will restart the services for us:

systemctl restart elasticsearch
systemctl restart kibana

Prometheus 2.0


Welcome back to a tutorial series on running and exploring Zentral in more detail. In this chapter we launch our “Zentral-all-in-one” instance. We set up our Let’s Encrypt TLS certificate, create an admin user to log in to the Zentral web interface, and prepare Kibana to show events from the zentral-events index.

The previous chapters and an overview of Zentral can be found here for review:

Now let’s start!

Stage 3 — Start up the Zentral server

We use the GCP admin web interface to open up a terminal session in the browser window, of…

zentral

We’re the developers behind Zentral. We operate a consultancy business, provide expertise and services all around Mac management. Contact: https://zentral.pro
