All,
Looking to bring in general security data from about 200 macOS laptops. Ideally CIM-friendly and with all the junk filtered out as much as possible.
1) Any good docs/read throughs you'd recommend I start with?
2) I checked out cmdReporter, seems pretty good. Anything else similar I should look at?
3) Is Splunk_TA_nix worth doing on macOS?
thanks
-Daniel
Off the back of another Answers post this morning, take a look at osquery.
https://osquery.io/
Looks very lightweight and powerful - playing with it now!
Some of the inputs from TA_nix work on macOS, but recent changes by Apple have broken a number of things over the years.
I tend to use my own Mac TA which borrows ideas from the TA_nix app - possibly to shortly include osquery too! 🙂