I am currently working on ways my application which would monitor the dlopen() and dlsym() calls made on macOS.
In the current list of events endpoint security framework provides, I don't see a relevant event which would give me this information.
Are there any alternate ways we can get these events on macOS?
I don’t think there’s a direct way to do this. However, I understand why an ES client would find these events useful, so I encourage you to file an enhancement request outlining your requirements. Please post your bug number, just for the record.
In the meantime, you should be able to make some progress by monitoring ES_EVENT_TYPE_AUTH_MMAP.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"