Red Canary Mac Monitor For Mac

When processing large amounts of data, no matter how experienced you are, a tool that can help you make sense of it will speed up your work significantly.

Red Canary Mac Monitor is intended for security researchers or just regular users looking to troubleshoot issues or find potential malware. It captures app system events via Apple Endpoint Security and makes it easier to analyze them and find relevant items.

Once started, the app will collect all system events using Apple Endpoint Security and list them in the main window. You can see all events and process executions in two separate panels, and the corresponding event and process will be highlighted when one is selected.

You also get an interesting chart on the right, which shows the distribution of events you’re subscribed to and aren’t filtered out. It can be an easy way to identify a particular type of event that stands out.

The simplest way to remove noise is to use the filter tool in the main window, which works on data from every single column in both panels. If you need to find something specific, it’s a very quick way to do so.

You are also able to filter out all events signed with an Apple certificate and prevent certain types of events from being displayed. If you right-click an item, you can also quickly filter by specific parameters or unsubscribe from that type of event.

From the right-click menu, you can bring up the Event Facts window, which gives you as much detail about the event as possible. For instance, you have code signing information, environment variables, and correlated events, which help you quickly identify relevant links.

Red Canary Mac Monitor can be invaluable for both security researchers and any user who wants in-depth event data presented in an intuitive manner. While you still need to know what you’re doing to make use of the information, this app makes it easy to find and extract.