SOFA Use cases

IMPORTANT NOTE: Update Your Use of SOFA Feed

Implement a USER-AGENT in Custom Tools

To optimize hosting and caching for SOFA, please implement a user-agent in your integrations, tools, and workflows. This enhances performance and user interactions with SOFA.

Update to the New Feed Location

Please update your scripts that are utilising the SOFA macOS and iOS feeds to point to https://sofafeed.macadmins.io/v1/macos_data_feed.json and https://sofafeed.macadmins.io/v1/ios_data_feed.json respectively. The old feed addresses of https://sofa.macadmins.io/v1/macos_data_feed.json and https://sofa.macadmins.io/v1/ios_data_feed.json are deprecated and will be removed soon.

Osquery

Use Osquery with the MacAdmins Open Source (MAOS) Osquery Extension and the new SOFA tables to monitor unpatched CVEs on macOS. By leveraging the sofa_unpatched_cves and sofa_info tables, you can identify vulnerabilities and patch levels not addressed by current system updates across your fleet. This use case enhances security monitoring by providing insights into unpatched and actively exploited CVEs, ensuring systems are kept up to date and secure.

For more details, visit the original blog post about SOFA and MacAdmins Osquery Extension here.

Nudge 2.0

Nudge is a MacAdmins Open Source tool designed to encourage the installation of macOS security updates. The latest release, Nudge 2.0, integrates with the SOFA feed to keep macOS systems up to date. By default, it checks the SOFA feed every 24 hours, caching the data locally. Users can customize the refresh interval, set a custom feed URL, and manage support for unsupported devices. Customizable UI elements indicate when a device is unsupported, with text fields and overlay icons to highlight this status.

For more details, visit the Nudge Wiki.

Using SOFA with Jamf Pro

Integrate SOFA with Jamf Pro to monitor macOS and XProtect updates. SOFA provides up-to-date information on macOS versions and XProtect updates, allowing you to determine if systems are compliant. Use Jamf Pro Extension Attribute scripts (macOSVersionCheck-EA.sh and XProtectVersionCheck-EA.sh) to check local system versions against the latest updates in the SOFA JSON feed. Results can be used to scope non-compliant computers into Smart Groups, triggering MDM/DDM commands to ensure systems are updated.

For more details, visit the original blog posts here:

• SOFA, and how to use it with Jamf Pro
• If you're using the SOFA feed, please take note!

More use cases

Check out further use case examples in our repo here.