SOFA Use cases
IMPORTANT NOTE: Update Your Use of SOFA Feed
Implement a USER-AGENT in Custom Tools
To optimize hosting and caching for SOFA, please implement a user-agent in your integrations, tools, and workflows. This enhances performance and user interactions with SOFA.
Update to the New Feed Location
Please update your scripts that are utilising the SOFA macOS and iOS feeds to point to https://sofafeed.macadmins.io/v1/macos_data_feed.json and https://sofafeed.macadmins.io/v1/ios_data_feed.json respectively. The old feed addresses of https://sofa.macadmins.io/v1/macos_data_feed.json and https://sofa.macadmins.io/v1/ios_data_feed.json are deprecated and will be removed soon.
Osquery
Use Osquery with the MacAdmins Open Source (MAOS) Osquery Extension and the new SOFA tables to monitor unpatched CVEs on macOS. By leveraging the sofa_unpatched_cves
and sofa_info
tables, you can identify vulnerabilities and patch levels not addressed by current system updates across your fleet. This use case enhances security monitoring by providing insights into unpatched and actively exploited CVEs, ensuring systems are kept up to date and secure.
For more details, visit the original blog post about SOFA and MacAdmins Osquery Extension here.
Nudge 2.0
Nudge is a MacAdmins Open Source tool designed to encourage the installation of macOS security updates. The latest release, Nudge 2.0, integrates with the SOFA feed to keep macOS systems up to date. By default, it checks the SOFA feed every 24 hours, caching the data locally. Users can customize the refresh interval, set a custom feed URL, and manage support for unsupported devices. Customizable UI elements indicate when a device is unsupported, with text fields and overlay icons to highlight this status.
For more details, visit the Nudge Wiki.
Using SOFA with Jamf Pro
Integrate SOFA with Jamf Pro to monitor macOS and XProtect updates. SOFA provides up-to-date information on macOS versions and XProtect updates, allowing you to determine if systems are compliant. Use Jamf Pro Extension Attribute scripts (macOSVersionCheck-EA.sh and XProtectVersionCheck-EA.sh) to check local system versions against the latest updates in the SOFA JSON feed. Results can be used to scope non-compliant computers into Smart Groups, triggering MDM/DDM commands to ensure systems are updated.
For more details, visit the original blog posts here:
More use cases
Check out further use case examples in our repo here.