What's new in Red Canary Mac Monitor 1.0.5
Jul 28, 2023
- Endpoint Security events added:
  - ES_EVENT_TYPE_NOTIFY_PROFILE_ADD:
    - When a profile is installed
  - ES_EVENT_TYPE_NOTIFY_OD_CREATE_USER:
    - When a user has been created in an Open Directory node
  - ES_EVENT_TYPE_NOTIFY_OD_CREATE_GROUP:
    - When a group has been created in an Open Directory node
  - ES_EVENT_TYPE_NOTIFY_OD_GROUP_ADD:
    - When a member has been added to an Open Directory group
  - ES_EVENT_TYPE_NOTIFY_OD_MODIFY_PASSWORD:
    - When a user’s password has been modified
  - ES_EVENT_TYPE_NOTIFY_OD_ATTRIBUTE_VALUE_ADD:
    - When a value has been added to a record
  - ES_EVENT_TYPE_NOTIFY_XPC_CONNECT:
    - A connection has been established to an XPC service
  - ES_EVENT_TYPE_NOTIFY_AUTHORIZATION_PETITION:
    - A process has asked / “petitioned” for a set of authorization rights.
  - ES_EVENT_TYPE_NOTIFY_AUTHORIZATION_JUDGEMENT:
    - The security framework’s decision on the rights the process petitioned for
- User experience (macOS 14 and newer):
  - Human-readable Open Directory error codes to assist with debugging
  - Customizable table columns
  - System Security Unified table view
  - Process Execution events table view
  - Unified event correlation table view
  - Process Group table view
  - Native alert for displaying a warning before clearing events
- Cross-compatible updates:
  - General performance improvements in the Security Extension’s data retrieval and in the event tracer app’s Core Data stack.
  - Huge shoutout to the Core Data team for digging in with me over WWDC this year!
- Sonoma bug fixes:
  - Table row selection
  - Ask before quit
  - Disabling the event mask
  - Activity indicator