General Information
Preference Documentation
Log Data Documentation
- Log Data Examples
- Interesting Types of Events
  - SSH Logins and Activity
Related Tech and Configurations
- macOS
Compliance
- cmdReporter and US Govt Standards Details
  - How cmdReporter Meets CMMC, DFARS, and NIST 800-171 Requirements
  - NIST 800-53r4 (high) controls met by using cmdReporter
- Security Baseline Reporting Preferences
  - Security Benchmark Reporting Logs

cmdReporter Architecture Overview

Daniel Griggs

Modified on: Mon, 3 Aug, 2020 at 10:02 AM

What cmdReporter Does

cmdReporter is a security monitoring tool for macOS. Using minimal resources, cmdReporter collects the data IT security teams need to hunt threats to macOS and streams the logs in real time to nearly any analysis server.

Our approach filters and normalizes all logs coming from macOS into a single format that is easy for any log analysis software to parse and search.

cmdReporter Server?

There is no cmdReporter server, we are designed to integrate and stream directly from the mac to nearly any SIEM, log collection, or data lake tool that your organization already uses to store and analyze computer logs.

Why cmdReporter is Different

cmdReporter is designed to work with macOS and only macOS. We do this by:

No kernel extension.
Release-day support for new macOS versions
Near-zero performance impact.
100% preference coverage for configuration profiles.