redcanaryco / mac-monitor

Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.

Right click - Filter Target Path #6

Closed theevilbit closed 1 year ago

theevilbit commented 1 year ago

At a high level -- can you summarize your request? Would be nice to be able to quickly filter events based on Target Paths, just like we have an option for Process Path filtering.

What is the current alternative solution? Use muted paths in main settings, or export events and filter them manually.

Are there "In-the-Wild" threats or corresponding ATT&CK techniques that exist for which this telemetry would be helpful? No, this only helps with general event filtering.

Anything else? No

Brandon7CC commented 1 year ago

This is one I'm happy the community brought in! Target path filtering is an additional option I think would be a relatively easy ask 😄

AndrewMohawk commented 1 year ago

Also would be nice to have filtering by the other columns available as well (Source process, Source Signing ID)
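The workaround described in the original request (export events, then filter them by hand) and the extra columns asked for above (source process path, signing ID) can be scripted. The following is an added example written for this thread, not code from Mac Monitor or from any of the commenters; it assumes a JSON export and the field names `event_type`, `process_path`, `signing_id` and `target_path`, which are placeholders for whatever column names the real export uses. It supports both a "keep only matching" filter and a "mute matching" filter, mirroring the muted-paths setting mentioned in the issue.

```python
import json

# Constructed sample export. The field names below are assumptions made for this
# example, not Mac Monitor's actual export schema; rename them to match a real export.
SAMPLE_EXPORT = json.dumps([
    {"event_type": "ES_EVENT_TYPE_NOTIFY_OPEN",
     "process_path": "/usr/bin/cat", "signing_id": "com.apple.cat",
     "target_path": "/Users/alice/Documents/notes.txt"},
    {"event_type": "ES_EVENT_TYPE_NOTIFY_OPEN",
     "process_path": "/usr/libexec/mdworker_shared", "signing_id": "com.apple.mdworker_shared",
     "target_path": "/Users/alice/Documents/notes.txt"},
    {"event_type": "ES_EVENT_TYPE_NOTIFY_CREATE",
     "process_path": "/usr/libexec/mdworker_shared", "signing_id": "com.apple.mdworker_shared",
     "target_path": "/private/var/folders/xx/T/tmp.123"},
    {"event_type": "ES_EVENT_TYPE_NOTIFY_EXEC",
     "process_path": "/bin/zsh", "signing_id": "com.apple.zsh",
     "target_path": "/usr/bin/curl"},
])


def load_events(text: str) -> list:
    """Parse an exported JSON array of events into a list of dicts."""
    return json.loads(text)


def matches(event: dict, *, target_prefix=None, process_path=None, signing_id=None) -> bool:
    """Return True when the event satisfies every criterion that is not None.

    target_prefix is a path-prefix match (like a muted path); the other two are exact.
    """
    if target_prefix is not None and not event.get("target_path", "").startswith(target_prefix):
        return False
    if process_path is not None and event.get("process_path") != process_path:
        return False
    if signing_id is not None and event.get("signing_id") != signing_id:
        return False
    return True


def filter_events(events: list, *, mode: str = "keep", **criteria) -> list:
    """Filter events by target path / process path / signing ID.

    mode="keep" retains only matching events (a focus filter);
    mode="mute" drops matching events (the behaviour of a muted path).
    """
    if mode not in ("keep", "mute"):
        raise ValueError("mode must be 'keep' or 'mute'")
    want_match = mode == "keep"
    return [e for e in events if matches(e, **criteria) == want_match]


if __name__ == "__main__":
    events = load_events(SAMPLE_EXPORT)
    # Focus on everything touching the user's Documents folder.
    for e in filter_events(events, target_prefix="/Users/alice/Documents"):
        print(e["event_type"], e["process_path"], "->", e["target_path"])
    # Mute Spotlight indexer noise by signing ID.
    for e in filter_events(events, mode="mute", signing_id="com.apple.mdworker_shared"):
        print(e["event_type"], e["process_path"], "->", e["target_path"])
```

Criteria combine with AND, so `filter_events(events, target_prefix="/Users", signing_id="com.apple.cat")` narrows to file events under `/Users` performed by that one signed binary, which is the kind of quick triage the request is after.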

Brandon7CC commented 1 year ago

Implemented! See v1.0.4 -- thank you Csaba!