Network Connection Telemetry

redcanaryco / mac-monitor

Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.

938 stars 46 forks source link

Network Connection Telemetry #28

Open Brandon7CC opened 1 year ago

Brandon7CC commented 1 year ago

At a high level -- can you summarize your request?

Network connection telemetry request from @jkennedyvz.
Add domain level netconns and correlate to process telemetry

What is the current alternative solution?

EDR
Wireshark
Little Snitch

Are there "In-the-Wild" threats or corresponding ATT&CK techniques that exist for which this telemetry would be helpful?

Lots 😁

Anything else? N/A

jkennedyvz commented 1 year ago

Background for this and #26 : I'd like to demonstrate experiments for implant detection such as this using pandas/scipy/jupyter, and without relying on software that is inaccessible to individuals.