Your Personal Security Expert: Jamf AI Assistant for Protect Alerts #JNUC2025
Transform security alert overload into confident incident response using Jamf AI Assistant as your on-demand security expert. Mike Levenick (Quality & Safety Engineer, AI, Jamf) demonstrates how retrieval-augmented generation (RAG) technology combined with Jamf Threat Labs expertise helps non-security admins understand, prioritize, and act on Jamf Protect alerts. Learn how the AI Assistant analyzes raw JSON alert data, pivots to telemetry streams to build attack timelines, and generates pre-configured remediation scripts scoped to specific machines—all without requiring security certifications or deep malware analysis skills. Discover how the AI Assistant leverages Jamf Threat Labs malware wiki and prompt engineering from security experts to identify sophisticated attacks including info stealers, time stomping (defense evasion), and cryptocurrency miners masquerading as system processes. See real demonstrations of comparing multiple alerts to determine relationships, translating technical security language for executive communication, and distinguishing legitimate testing from actual threats using process lineage and execution data analysis. What You'll Learn: ► Understanding behavior-based detections vs. telemetry data: high signal-to-noise alerts vs. comprehensive event streams ► How retrieval-augmented generation (RAG) reduces AI hallucinations by searching Jamf documentation and Threat Labs wiki ► Analyzing Jamf Protect alerts: AI fetches raw JSON via API and applies security expert-engineered prompts ► Pivoting to telemetry with configurable time windows (1-15 minutes) to build comprehensive attack timelines ► Generating remediation scripts with parameters: killing processes, quarantining files, removing persistence (launch agents/daemons) ► Human-in-the-loop safeguards: confirming script execution and monitoring via Jamf Pro policy execution logs ► Detecting info stealers: identifying credential harvesting attempts disguised as legitimate authentication prompts ► Time stomping detection: recognizing when malware modifies file timestamps for defense evasion ► Comparing multiple alerts to determine attack relationships using timestamps, users, and process hierarchy ► Communicating security incidents: drafting executive summaries and explaining like you're five (ELI5) #jamfai #jamfprotect #securityalert #aiassistant #threatmanagement #incidentresponse #rag #malwareanalysis #securityautomation Who This Video Is For: ► Mac admins managing security without dedicated security teams ► IT professionals overwhelmed by security alert volume ► Organizations without in-house threat labs or security operations centers ► Jamf administrators seeking to improve incident response times ► Teams needing to communicate security issues to non-technical stakeholders 0:00 Introduction: Security Alerts Without Security Expertise 2:30 Jamf Pro Policies vs. Configuration Profiles: Understanding the Difference 3:46 Jamf Protect: Behavior-Based Detection vs. Telemetry Data Streams 6:06 Jamf AI Assistant: Retrieval-Augmented Generation (RAG) Explained 8:36 Jamf Threat Labs: Security Experts Engineering AI Prompts 9:48 How AI Assistant Works: Fetching Alert JSON and Analyzing with Threat Labs Expertise 11:02 Telemetry Pivot: Building Attack Timelines from Thousands of Events 12:06 Remediation Script Generation: Pre-Configured Parameters for Killing Processes and Quarantining Files 13:37 Demo: Info Stealer Alert Analysis and ELI5 Explanation 16:00 Demo: Time Stomping Detection (Defense Evasion via File Timestamp Manipulation) 18:33 Comparing Multiple Alerts: Determining Attack Relationships 20:16 Demo: Cryptocurrency Miner Masquerading as Apple System Process 24:14 Tips for Success: Providing Context Not Conclusions to Avoid Misleading AI 25:31 Don't Assume Possibility: Let AI Search for Available Options 26:44 Be Verbose: More Context Improves AI Decision-Making 28:02 Trust But Verify: Using Source Citations to Confirm AI Recommendations 29:21 Future: Model Context Protocol (MCP) for Custom AI Integrations Key Technologies Covered: Jamf AI Assistant, Jamf Protect, retrieval-augmented generation (RAG), Jamf Threat Labs malware wiki, behavior-based detection, telemetry analysis, Jamf Pro policy remediation, process lineage analysis, MITRE ATT&CK framework, launch agents/daemons, defense evasion techniques Related Topics: Security alert triage, incident response automation, AI-powered threat analysis, cryptocurrency miner detection, info stealer identification, malware masquerading, defense evasion tactics, prompt engineering for security, human-in-the-loop automation

Illia Polosukhin

Mac Admins vs Shadow IT: Detecting Unauthorized Apps and SaaS Tools #JNUC2025

Learn Snowflake in 2 Hours| High Paying Skills | Step by Step For Beginners

Full Archon Guide - Build AI Coding Harnesses That Actually Ship (LIVE)

Edoardo Debenedetti

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026

Analysis Panel with Loret: Lorena Becerra, Maite Azuela, Silva-Herzog, Aguilar Camín, and de Mauleón

God Says:"AN URGENT CALL — OPEN QUICKLY TO HEAR WHAT I HAVE TO SAY."/God Message Now/God Message

Something is jamming GPS over Europe. Here's what we found

Complete Terraform Course - From BEGINNER to PRO! (Learn Infrastructure as Code)

Data + AI Summit Keynote 2026 | Day 2

CLAUDE CODE ADVANCED FULL COURSE (3 HOURS)

Apple Platform Security

Data + AI Summit Keynote 2026 | Day 1
![Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]](https://i.ytimg.com/vi/X48VuDVv0do/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDNg7nINwKqigXGqrL80FN9YuTNGg)
Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]

Is Your School Ready for AI? Navigating Privacy and Ethics

Zero-Click Attacks: AI Agents and the Next Cybersecurity Challenge

Build a Complete Medical Chatbot with LLMs, LangChain, Pinecone, Flask & AWS 🔥

Gemini CLI Essentials – Full Course
![Power Automate Beginner to Pro Tutorial [Full Course]](https://i.ytimg.com/vi/1p5kI7SYz4Q/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDIQUeJjCKSUU_QtkVwDZktEykVCg)
