This Analytic predicate may be used to report on various attempts to mount SMB shares via the command line
hidden_account_created_dscl
This Analytic predicate may be used to report on attempts using dcsl to create accounts that are hidden from the login window.
insecure_file_download_curl
This Analytic predicate may be used to report on attempts using curl to download a file using the -k argument, bypassing ssl validations.
brew_activity
This analytic predicate can be used to report on any activity involving the use of brew with additional arguments.
swift_oneline_command_execution
This Analytic predicate may be used to report when the swift CLI is used to execute a command using the -e argument that has been implemented in Swift 5.8.
smb_mounted_via_commandline
hidden_account_created_dscl
insecure_file_download_curl
brew_activity
swift_oneline_command_execution