DLP Beta Officially Live!
- Our free public beta is available today and included as part of cmdReporter v3.4
- Details about cmdReporter +DLP and the beta in 3.4 can be found here: Data Loss Prevention (DLP)
- To test DLP, simply install a configuration profile with the com.cmdsec.cmdreporter.dlp domain
- An example cmdReporter +DLP Profile is available for reference.
- If the DLP preference domain is not configured, all DLP features are completely disabled, so the same version of cmdReporter can be used in production environments.
- Our invite-only closed beta with bi-weekly builds will begin next week
- Host Intrusion Prevention: Coming in Fall 2020*
- Data Loss Prevention (DLP): Coming in Fall 2020*
*Requires an additional license
v3.4 Release Notes:
Prohibited Application Blocking
- Prohibit execution of binaries based on executable name, team signing ID, or app signing ID.
- Upon blocking an application or executable, the prompt below will be shown to users.
- IMPORTANT: LaunchDaemons executing as the root user are intentionally exempted from prohibited applications to allow restrictions of administrative tools. More detail available HERE
File Monitoring Events
- Following customer feedback, cmdReporter's file monitoring events have been enriched, extended, and redesigned for intrusion detection. As such, Host Intrusion Detection (currently in beta) is replacing File Event monitoring.
- Removal of the following preferences
- More details about cmdReporter's included intrusion detections available HERE
- New behavior to only additionally log non-privileged terminal activity
- Old: Version 10.15.5 (Build 19F96)
- New: macOS 10.15.5 (Build 19F96)
- Speed improvements to the core processing engine
- Unified Log search performance improvements
- Event Filtering now additionally filters on responsible_process_name to mute child processes of a muted application
- Rate limiting summarization logic speed improvements
New Event Types:
| Key | Value Type | Example Values |
|---|---|---|
| PAExecutableNames | Array of Strings | fdesetup |
| PASigningIdentifiers | Array of Strings | com.apple.TextEdit |
| PATeamIdentifiers | Array of Strings | BD3YL53XT4 |

| Key | Value Type | Example Value |
|---|---|---|
| SensitiveUTIs | Array of Strings | org.openxmlformats.* |
| SensitivePaths | Array of Strings | /Users/.*/Documents/ |
| DLPExecutableNames | Array of Strings | fdesetup |
| DLPSigningIdentifiers | Array of Strings | com.apple.TextEdit |
| DLPTeamIdentifiers | Array of Strings | BD3YL53XT4 |