topic Re: MacOS Security Logging? in Getting Data In

MacOS Security Logging?

daniel333 — Wed, 30 Sep 2020 03:59:40 GMT

All,

Looking to bring in general security data from about 200 MacOS laptops. Ideally CIM friendly and filtered down all the junk as much as possible.

1) Any good docs/read throughs you'd recommend I start with?
2) I checked out cmdReporter, seems pretty good. Anything else similar I should look at?
3) Is Splunk_TA_nix worth doing on MacOS?

thanks
-Daniel

Re: MacOS Security Logging?

nickhills — Wed, 30 Sep 2020 03:59:54 GMT

Of the back of another answers post this morning, take a look at OSquery.
https://osquery.io/

Looks very lightweight and powerful - playing with it now!

Some of the inputs from TA_nix work on macOS, but recent changes by apple have broken a number of things over the years.
I tend to use my own mac TA which borrows ideas from the TA_nix app - possibly to shortly include osquery too! 🙂