redcanaryco / mac-monitor

Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.

CLI Functionality #26

Open jkennedyvz opened 1 year ago

jkennedyvz commented 1 year ago

At a high level -- can you summarize your request? I would like the ability to stream events from the command line similar to the logging offered by little snitch https://help.obdev.at/littlesnitch5/adv-commandline or objective-see tools https://github.com/objective-see/ProcessMonitor

What is the current alternative solution? https://help.obdev.at/littlesnitch5/adv-commandline https://github.com/objective-see/ProcessMonitor

Anything else? Streaming network events that also contain process information is a real pain on macOS. It would be nice to have the telemetry stream provided by EDR without the EDR.

Brandon7CC commented 1 year ago

Hey @jkennedyvz! Thank you for the excellent suggestions! 1) Enabling CLI-like functionality has been suggested before, but I've had to shoot it down in the past. Let me get back to you on this. In the meantime I'd suggest using the telemetry export options, using /usr/bin/eslogger or Patrick Wardle's / Jaron Bradley's tools. 2) Network telemetry is very much on the table. To do so we'll need to add a Network Extension -- on my backlog 😉
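As an added illustration of the /usr/bin/eslogger route suggested in the comment above (editor's example, not code from this thread or from the Mac Monitor project): a small Python consumer that reads eslogger's JSON lines from stdin and prints exec events together with their parent/child process context, which is the kind of command-line stream the request asks for. The field layout used here (`event.exec.target`, `process.ppid`, `audit_token.pid`) is an assumption about eslogger's output format, and the sample lines are constructed.

```python
"""Print exec events with process lineage from eslogger-style JSON lines.

Intended use on macOS 13+ (root required):  sudo eslogger exec | python3 es_exec_stream.py
The key layout below is assumed from eslogger's JSON output; the sample records are constructed.
"""
import json
import sys
from typing import Iterable, Iterator, Optional

# Constructed sample lines: one exec event, one fork event and one broken line.
SAMPLE_LINES = [
    '{"event_type":9,"process":{"audit_token":{"pid":501},"ppid":1,"executable":{"path":"/bin/zsh"}},'
    '"event":{"exec":{"target":{"audit_token":{"pid":742},"ppid":501,"executable":{"path":"/bin/ls"}},'
    '"args":["ls","-la","/tmp"]}}}',
    '{"event_type":11,"process":{"audit_token":{"pid":501},"ppid":1,"executable":{"path":"/bin/zsh"}},'
    '"event":{"fork":{"child":{"audit_token":{"pid":743}}}}}',
    'not json at all',
]


def summarize_exec(record: dict) -> Optional[dict]:
    """Return pid/ppid/parent path/target path/args for an exec record, else None."""
    exec_ev = record.get("event", {}).get("exec")
    if exec_ev is None:
        return None  # fork, exit, open, ... are ignored by this consumer
    parent = record.get("process", {})  # the process that called exec (assumed layout)
    target = exec_ev.get("target", {})  # the new image being executed (assumed layout)
    return {
        "pid": target.get("audit_token", {}).get("pid"),
        "ppid": target.get("ppid"),
        "parent": parent.get("executable", {}).get("path"),
        "path": target.get("executable", {}).get("path"),
        "args": exec_ev.get("args", []),
    }


def stream_exec_events(lines: Iterable[str]) -> Iterator[dict]:
    """Yield exec summaries from an iterable of JSON lines, skipping unparseable ones."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines rather than aborting the stream
        summary = summarize_exec(record)
        if summary is not None:
            yield summary


def format_summary(s: dict) -> str:
    """One-line, grep-friendly rendering: parent -> child plus argv."""
    return f"exec pid={s['pid']} ppid={s['ppid']} {s['parent']} -> {s['path']} {' '.join(s['args'])}"


if __name__ == "__main__":
    source = SAMPLE_LINES if sys.stdin.isatty() else sys.stdin
    for summary in stream_exec_events(source):
        print(format_summary(summary), flush=True)
```

Run without a pipe it prints the constructed sample; piped from eslogger it streams live exec events.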

jkennedyvz commented 1 year ago

Hi @Brandon7CC,

Thanks for the quick response! I'm currently using several tools from Objective-see, but there are some limitations on the networking side to work through there as well. See https://github.com/objective-see/Netiquette/issues/11 and https://github.com/objective-see/DNSMonitor/issues/4