Getting Data In

MacOS Security Logging?



Looking to bring in general security data from about 200 MacOS laptops. Ideally CIM friendly and filtered down all the junk as much as possible.

1) Any good docs/read throughs you'd recommend I start with?
2) I checked out cmdReporter, seems pretty good. Anything else similar I should look at?
3) Is Splunk_TA_nix worth doing on MacOS?


0 Karma

Ultra Champion

Of the back of another answers post this morning, take a look at OSquery.

Looks very lightweight and powerful - playing with it now!

Some of the inputs from TA_nix work on macOS, but recent changes by apple have broken a number of things over the years.
I tend to use my own mac TA which borrows ideas from the TA_nix app - possibly to shortly include osquery too! 🙂

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...