{
"_event_score": 0,
"event_attributes": {
"AuditEventExcludedProcesses": [
"/usr/bin/log",
"/usr/sbin/syslogd"
],
"AuditEventExcludedUsers": [
"_spotlight",
"_windowserver"
],
"AuditEventLogVerboseMessages": 1,
"AuditLevel": 3,
"FileEventExclusionPaths": [
"/Users/.*/Library/.*"
],
"FileEventInclusionPaths": [
"/Users/.*"
],
"FileEventUseFuzzyMatch": 0,
"FileLicenseInfo": {
"LicenseEmail": "dan@cmdsec.com",
"LicenseExpirationDate": "01/01/2020",
"LicenseKey": "43cafc3da47e792939ea82c70...",
"LicenseType": "Annual",
"LicenseVersion": "1"
},
"LogFileLocation": "/var/log/cmdReporter.log",
"LogFileMaxNumberBackups": 10,
"LogFileMaxSizeMegaBytes": 10,
"LogFileOwnership": "root:wheel",
"LogFilePermission": "640",
"LogRemoteEndpointEnabled": 1,
"LogRemoteEndpointType": "AWSKinesis",
"LogRemoteEndpointTypeAWSKinesis": {
"AccessKeyId": "AKIAQFE...",
"Region": "us-east-1",
"SecretKey": "JAdcoRIo4zsPz...",
"StreamName": "cmdReporter_testing"
},
"LogRemoteEndpointURL": "",
"UnifiedLogPredicates": [
"'(subsystem == \"com.example.networkstatistics\")'",
"'(subsystem == \"com.apple.CryptoTokenKit\" AND category == \"AHP\")'"
],
"Version": "3.1b43"
},
"header": {
"event_name": "PREFERENCE_LIST_EVENT",
"time_seconds_epoch": 1570033028
},
"host_info": {
"host_name": "Dan_macbook_pro",
"host_uuid": "3F6E4B3A-9285-4E7E-9A0C-C3B62DC379DF",
"osversion": "Version 10.14.6 (Build 18G95)",
"primary_mac_address": "38:f9:e8:15:5a:82",
"serial_number": "C03XY889JHG3"
}
}
cmdReporter Wiki