macOS

Version: macOS (Sierra, High Sierra, Mojave, Catalina, Big Sur, Monterey, Ventura, and Sonoma)

Apple Macintosh Operating System (macOS) contains numerous log files (events) sent by various system processes and applications. These logs can be forwarded to the syslog server.

Netsurion Open XDR manages logs retrieved from macOS through syslog. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in macOS.

The following are the key assets available in this Data Source Integration.

Alerts

Type | Name | Description
Security | macOS – Command history cleared | Generated when terminal command history is deleted or cleared in macOS.
Security | macOS – Suspicious process activity detected | Generated when suspicious process activity, such as a network discovery or scan-related event, is detected in macOS.
Security | macOS – Threat detected after scanning | Generated when any malware is detected post system scanning.
Security | macOS – User or group deleted/modified | Generated when a user or group is deleted from macOS.
Security | macOS – User password modified | Generated when a user password is changed or modified.
Compliance | macOS – Login failure | Generated when a login failure event is detected in macOS.
Compliance | macOS – User authentication failure | Generated when a user authentication failure event is detected.

Reports

Type | Name | Description
Compliance | macOS – Login and logout activities | Provides details about all the login and logout activities in macOS and their status.
Compliance | macOS – User and group management | Provides details about all the user and group management activities such as add user, delete user, change user permission, and more.
Compliance | macOS – Authentication and authorization | Provides details about authentication and authorization activities in macOS.
Operational | macOS – Administrative activities | Provides details about all the admin activities that occurred in macOS.
Operational | macOS – Command executed | Provides details about the status of all root-level commands and related information such as the username, command, and more.

Dashboards

Type | Name | Description
Compliance | macOS – Authentication and authorization | Displays data about authentication and authorization events.
Compliance | macOS – User and group management | Displays data about all the user and group related activities.
Compliance | macOS – Login and logout activities | Displays data about user login related activities by username.
Operational | macOS – Administrative activities by Username | Displays data about all the admin activities.

Saved Searches

Type | Name | Description
Compliance | macOS – Authentication and authorization | Provides details about authentication and authorization activities in macOS.
Compliance | macOS – User and group management | Provides details about all the user and group management activities such as add user, delete user, change user permission, and more.
Compliance | macOS – Login and logout activities | Provides details about all login and logout activities in macOS and their status.
Operational | macOS – Command executed | Provides details about the status of all root-level commands and related information such as the username, command, and more.
Operational | macOS – Administrative activities | Provides details about all admin activities that occurred in macOS.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and macOS.

Download the Integration Guide for configuration instructions and more information.