During the discussion started last week on trying to find out what programs, libraries, plug-ins, etc. were installed on a system to determine if a system is vulnerable, someone asked about using audit data (I think to validate the accuracy of data collected about programs). Virtually everywhere I go, no one seems to know that they can do with audit data, which isn't surprising since there aren't exactly a lot of books or training courses on audit data as there are for network monitoring. I put together this 7:38 min video on some of the information Apple's BSM audit data can provide. Should you be leveraging Apple's BSM audit system? http://www.netsq.com/Podcasts/Data/2013/AuditIntro/ If scap-on-apple will include audit system configuration, at some point we should have a discussion about what types of questions you want to ask of that data. Todd