Closed: ouyangningdong closed this issue 3 months ago
Hi @ouyangningdong,
Thank you for the kind words! Mac Monitor was designed primarily as a dynamic analysis tool and does not enable any "response" actions. Furthermore, the System Extension does not process events while a trace is not occurring. The primary use case here is detailed analysis of Endpoint Security (ES) events over short timespans (e.g. logic vulnerability research, malware analysis, system troubleshooting, etc.).
Thanks for the question!
@mgraeber-rc could you close this one out?
Hello, when I was working on the company's network security emergency plan, I saw your tool and thought it was great. I would like to ask if I can use this tool for emergency response in the event of an intrusion.