[SCAP-On-Apple-Dev] Mac's Audit Data (slightly OT)

Todd Heberlein todd_heberlein at mac.com
Tue Jul 23 11:50:03 PDT 2013


During the discussion started last week on trying to find out what programs, libraries, plug-ins, etc. were installed on a system to determine if a system is vulnerable, someone asked about using audit data (I think to validate the accuracy of data collected about programs).

Virtually everywhere I go, no one seems to know what they can do with audit data, which isn't surprising since there aren't exactly a lot of books or training courses on audit data as there are for network monitoring.

I put together this 7:38 min video on some of the information Apple's BSM audit data can provide.

	Should you be leveraging Apple's BSM audit system?
	http://www.netsq.com/Podcasts/Data/2013/AuditIntro/

If scap-on-apple will include audit system configuration, at some point we should have a discussion about what types of questions you want to ask of that data.

Todd


