Hi, I want to forward all security events on macOS to the SIEM. Can I get some help with it?
Thank you
I presume that SIEM refers to security information and event management.
It’s not clear from your post whether:
You’re trying to accomplish this task directly, or
You want to build a product to help others accomplish this task
Please clarify.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Hi Eskimo, yes, you are right. I am using Wazuh SIEM and have only a rule for detecting this kind of event: level="info" process == "sudo" process == "sessionlogoutd" process == "sshd" process == "tccd" process == "screensharingd" message contains "Authentication" process == "securityd" eventMessage contains "Session" and subsystem == "com.apple.securityd"
I am sure that there are a bunch more things to collect regarding security... for example syscalls?
Thank you
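The filter quoted in the post above, reworked as an added example (it is not the poster's Wazuh rule and not anything from Apple): the predicate written out with explicit OR/AND and the unified-log field name eventMessage, the `log stream` invocation that would emit matching events as NDJSON, and the same match logic applied offline to a few constructed NDJSON lines so it can be checked without a Mac. The NDJSON key names (processImagePath, eventMessage, subsystem, timestamp) and deriving the process name from processImagePath are assumptions about `log show --style ndjson` output; the sample lines are constructed, not captured.

```python
"""Detection filter for macOS unified-log events destined for a SIEM.

Added example, not code from the original post or from Apple. Assumes the
NDJSON shape of `log show/stream --style ndjson` (keys "eventMessage",
"subsystem", "processImagePath", "timestamp"); sample lines are constructed.
"""
import json
import os
from typing import Dict, Iterable, List, Optional

# The post's filter as one syntactically valid unified-log predicate:
# the message field is "eventMessage" (there is no "message" field) and
# every clause is joined with an explicit OR / AND.
PREDICATE = (
    'process == "sudo" OR process == "sessionlogoutd" OR process == "sshd" '
    'OR process == "tccd" '
    'OR (process == "screensharingd" AND eventMessage CONTAINS "Authentication") '
    'OR (process == "securityd" AND eventMessage CONTAINS "Session" '
    'AND subsystem == "com.apple.securityd")'
)

def log_stream_command(predicate: str = PREDICATE) -> List[str]:
    """argv that streams matching events, one JSON object per line, for a forwarder."""
    return ["log", "stream", "--style", "ndjson", "--info", "--predicate", predicate]

def process_name(event: Dict) -> str:
    # "process" in a predicate is the executable name; in NDJSON output we
    # assume it has to be derived from the basename of processImagePath.
    if "process" in event:
        return event["process"]
    return os.path.basename(event.get("processImagePath", ""))

def classify(event: Dict) -> Optional[str]:
    """Return a rule tag when the event satisfies PREDICATE, else None."""
    proc = process_name(event)
    msg = event.get("eventMessage", "")
    sub = event.get("subsystem", "")
    if proc in {"sudo", "sessionlogoutd", "sshd", "tccd"}:
        return f"macos.{proc}"
    if proc == "screensharingd" and "Authentication" in msg:
        return "macos.screensharing.auth"
    if proc == "securityd" and "Session" in msg and sub == "com.apple.securityd":
        return "macos.securityd.session"
    return None

def filter_ndjson(lines: Iterable[str]) -> List[Dict]:
    """Parse NDJSON lines, skip malformed ones, and emit normalized SIEM events."""
    out: List[Dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated line must not stop the forwarder
        tag = classify(ev)
        if tag:
            out.append({"rule": tag, "process": process_name(ev),
                        "timestamp": ev.get("timestamp"),
                        "message": ev.get("eventMessage")})
    return out

# Constructed sample input (not real log output).
SAMPLE_LINES = [
    '{"timestamp":"2024-05-01 10:00:00.000000+0200","processImagePath":"/usr/bin/sudo",'
    '"subsystem":"","eventMessage":"alice : TTY=ttys000 ; PWD=/Users/alice ; USER=root ; COMMAND=/bin/ls"}',
    '{"timestamp":"2024-05-01 10:00:01.000000+0200","processImagePath":"/System/Library/CoreServices/'
    'RemoteManagement/screensharingd.bundle/Contents/MacOS/screensharingd",'
    '"subsystem":"com.apple.screensharing","eventMessage":"Authentication: SUCCEEDED :: User Name: alice"}',
    '{"timestamp":"2024-05-01 10:00:02.000000+0200","processImagePath":"/System/Library/CoreServices/'
    'RemoteManagement/screensharingd.bundle/Contents/MacOS/screensharingd",'
    '"subsystem":"com.apple.screensharing","eventMessage":"Connection closed"}',
    '{"timestamp":"2024-05-01 10:00:03.000000+0200","processImagePath":"/usr/sbin/securityd",'
    '"subsystem":"com.apple.securityd","eventMessage":"Session 100004 created"}',
    '{"timestamp":"2024-05-01 10:00:04.000000+0200","processImagePath":"/usr/sbin/securityd",'
    '"subsystem":"com.apple.security","eventMessage":"Session 100005 destroyed"}',
    '{"eventMessage": "truncated',
    '{"timestamp":"2024-05-01 10:00:05.000000+0200","processImagePath":"/usr/libexec/trustd",'
    '"subsystem":"com.apple.securityd","eventMessage":"Session cache flushed"}',
]

if __name__ == "__main__":
    print(" ".join(log_stream_command()))
    for ev in filter_ndjson(SAMPLE_LINES):
        print(json.dumps(ev))
```

Of the seven constructed lines only three match: the sudo event, the screensharingd line that mentions Authentication, and the securityd Session event whose subsystem is exactly com.apple.securityd; the malformed line is skipped rather than aborting the run.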
Yes, that is correct, I want to monitor all log events which are related to security, for example syscalls?
I want to monitor all log events which are related to security
Do you expect to write code to achieve this goal?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
To write code? What for? It is an option if needed, of course.
To write code? What for?
You asked your question on Apple Developer Forums, where our primary focus is helping developers write code. If you're looking to use someone else's endpoint security product, you'll have better luck asking over in Apple Support Community, run by Apple Support, and specifically in the Business and Education topic area.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Oh, ok. My bad, I am sorry.