cmdReporter works like a security motion detector for anything running on, communicating with, or authenticating into a macOS computer, and parses that data into JSON output for an organization's existing security and log tools, such as Splunk.
Macs, not endpoints
cmdReporter is designed for macOS and only macOS; we focus all of our attention on making the best security monitoring tool for macOS possible. We adhere to all of Apple's developer best practices and fully support configuration profiles for all preferences and license information.
Each computer generates an average of less than 10 MB of logs per day, and the system resource impact is unnoticeable even on the lowest-powered MacBooks.
cmdReporter is compatible with every macOS version from 10.8.0 to the latest 10.14 release. One app, one version, one installer for your entire macOS fleet.
Data loss detection
cmdReporter has full file path regex support for defining both inclusion and exclusion file paths to be monitored. These paths allow for collection scenarios such as logging every file move to a destination that is not the boot hard drive, or logging every incoming file from any USB device. These events are logged in JSON to the same cmdReporter log file.
cmdReporter has the ability to lock all network, USB, and external ports, whitelisting only Apple servers and company Jamf servers, to quarantine a Mac without fully disabling the computer.
InfoSec ❤️ cmdReporter
cmdReporter is designed to output data compatible with most SIEM and log collection tools, so your InfoSec team can use their existing tools to read and analyze macOS audit logs.
Never calls home
No log data is ever sent to cmdSecurity or external servers. Your company data stays within your organization.
Log collection verbosity levels are mapped to NIST's published Risk Management Framework (SP 800-37) and collect the recommended level of information for each risk level.