Can my Mac agent get USB events?
SUMMARY
Oct 29, 2015
When a USB drive is inserted, it will generate kernel events which the Snare Enterprise Agent for OSX will pick up.
When you mount the file system to access the files, this also generates mount kernel events, which the agent picks up.
The same applies to CD-ROM devices: when a CD-ROM is inserted, it gets mounted and raises kernel events.
The default objective settings for the Snare Enterprise Agent for OSX cover these events. The objectives also cover execve system calls for any commands that are run from the USB/CD-ROM devices.