by cmdSecurity
cmdReporter is a macOS-only security compliance and telemetry tool


cmdReporter is a macOS-only security compliance and telemetry tool that is zero-impact, augments MDM software, provides unprecedented insight into exactly how macOS is operating, and streams that insight directly to nearly any SIEM tool.

“Permanent” benchmark findings no more!

cmdReporter exceeds security benchmark auditing requirements that are not possible to meet with native macOS. Detailed information about how we meet auditing and accountability requirements is here.

Security Benchmark Reporting

cmdReporter can report compliance status for many US security baselines, with more being added every month. The full detail of each check is written to the primary cmdReporter log location, and a summary pass/fail output is written to a plist for use in a Jamf Pro extension attribute.

Currently supported baselines are:

- US Govt. CMMC (level 1-5)
- NIST 800-171
- NIST 800-53
- CNSSI-1253

The following baselines are currently in development in-house:

- ISO 27001 & 27002
- CIS
- HIPAA
- PCI

Attribution down to the atom

As part of its auditing and accountability features, cmdReporter can log every network, process, or user action that occurs on the device, down to which terminal window the action ran from and what else that same terminal window ran. All data is in an ultra-portable NDJSON format that can be securely and directly sent to nearly any SIEM provider. Daily log volume per Mac is roughly 6mb.

Designed by Mac Admins, for Mac Admins

Our CEO and technical lead has been an enterprise macOS sysadmin for over a decade, during which time he has deployed thousands of Macs for some of the most secure organizations in the world, including The Pentagon for the Office of the Secretary of Defense. He also wrote the first STIG security benchmark for both macOS 10.8 and iOS 5. He has most recently created the new CMMC benchmarks for the macOS security project.

macOS Compatibility

A single generic installer pkg and a customized configuration profile can install cmdReporter on any Mac running macOS 10.12 up to the most recent M1 Macs running Big Sur.

Security benchmark example Splunk dashboard
Example log event (expanded for readability; true format is NDJSON)
Parent / Child Process execution tree
macOS authentication details in Splunk example dashboard