notes.billmill.org / link_blog / 2023 / 05 /

Red Canary Mac Monitor

Oct 20, 2023

https://redcanary.com/blog/mac-monitor/

Red Canary Mac Monitor is a feature-rich dynamic analysis tool for macOS that leverages our extensive understanding of the platform and Apple’s latest APIs to collect and present relevant security events. Mac Monitor is practically the macOS version of the Microsoft Sysinternals tool Procmon. Mac Monitor collects a wide variety of telemetry classes, including processes, interprocess, files, file metadata, logins, XProtect detections, and more—enabling defenders to quickly and effectively analyze enriched, high-fidelity macOS security events in a native, modern, and customizable user interface.

  1. brew install --cask red-canary-mac-monitor
  2. start Red Canary Mac Monitor
  3. it will ask for permission to run a kernel module, grant that permission
  4. quit and restart the app
  5. hit "start", then you are watching the kernel events occuring on your mac in real(-ish) time
  6. very neat!

via news.yc

↑ up