Getting Data In

MacOS Security Logging?

daniel333
Builder

All,

Looking to bring in general security data from about 200 MacOS laptops. Ideally CIM friendly and filtered down all the junk as much as possible.

1) Any good docs/read throughs you'd recommend I start with?
2) I checked out cmdReporter, seems pretty good. Anything else similar I should look at?
3) Is Splunk_TA_nix worth doing on MacOS?

thanks
-Daniel

0 Karma

nickhills
Ultra Champion

Of the back of another answers post this morning, take a look at OSquery.
https://osquery.io/

Looks very lightweight and powerful - playing with it now!

Some of the inputs from TA_nix work on macOS, but recent changes by apple have broken a number of things over the years.
I tend to use my own mac TA which borrows ideas from the TA_nix app - possibly to shortly include osquery too! 🙂

If my comment helps, please give it a thumbs up!
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.