Idea ID: 2776349

APPLE devices, MacOSX, IOS, we need support for their new Unified Logging with our smart connectors

Status: Accepted

We are researching this and will try to get it into a release soon, hopefully within the next 12-18 months.


Apple has gone to Unified Logging with all of their products and OSes. It's done in memory and databases, with tools to read it, and needs access via APIs. They send little to nothing via syslog these days. They have tools to read and analyse these logs on the hosts themselves. We need the ability to pull or push these logs out to our Logger/ESM.

 

  • Wayne, where are we at on this? There are still lots of Apple devices out there using their Unified Logging System.

  • We need security-related events, any userid-related activity that would help our Interset/ArcSight Intelligence find bad behaviour. Anything that would track abnormal activity of the user or the endpoint itself. The unified logging is across the entire Apple platform and has lots of IoT pieces.

  • Wayne,

    Ideally authentications (logon/logoffs) and file accesses would be the first types of events that can be parsed.

  • Hi Idea Contributors,

    We are evaluating support for Apple Unified Logging and would like to ask all of you who have voted for this enhancement to help us with potentially fulfilling it. 

    One of our challenges is to better understand which events generated by these Apple devices actually should be parsed for relevant security information. This would help us evaluate the scope of what this enhancement would entail.

    We would be grateful if someone can help with determining the specific events that should be parsed.

    Thanks,

    Wayne Dalesio

    ArcSight Product Management 

    Wayne Dalesio

    Senior Product Line Manager – ArcSight Software

    wayne.dalesio@microfocus.com

    “Software is a team sport!”
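The need described in the idea (getting Unified Logging records off the host and into Logger/ESM) and the request above for authentication events first can be sketched as follows. This is an added example, not ArcSight or Apple code: it converts the output of macOS `log show --style ndjson` into CEF lines that a syslog-based connector can ingest. The process list, the CEF header values and the sample records are assumptions made for the illustration.

```python
import json
import os
from datetime import datetime

# Assumption: processes whose messages carry logon / privilege activity.
AUTH_PROCESSES = {"sshd", "sudo", "loginwindow"}

def _hdr(v):  # CEF header fields: escape backslash and pipe
    return str(v).replace("\\", "\\\\").replace("|", "\\|")

def _ext(v):  # CEF extension values: escape backslash, equals sign, newline
    return str(v).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def _epoch_ms(ts):
    # Unified-log timestamps look like "2024-01-15 10:22:31.250000-0800".
    try:
        return round(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f%z").timestamp() * 1000)
    except (TypeError, ValueError):
        return None

def to_cef(rec):
    """Return a CEF line for an in-scope record, else None."""
    proc = os.path.basename(rec.get("processImagePath") or "")
    msg = rec.get("eventMessage")
    if proc not in AUTH_PROCESSES or not msg:
        return None
    # Vendor, product, version and severity are placeholders chosen for this example.
    header = ["CEF:0", "Apple", "macOS", "0", _hdr(proc), _hdr(proc + " message"), "3"]
    ext = {"rt": _epoch_ms(rec.get("timestamp")), "sproc": proc, "spid": rec.get("processID"), "msg": msg}
    pairs = " ".join(f"{k}={_ext(v)}" for k, v in ext.items() if v is not None)
    return "|".join(header) + "|" + pairs

def convert(ndjson_text):
    """Convert ndjson-style unified log output to a list of CEF lines."""
    out = []
    for line in ndjson_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON
        if isinstance(rec, dict) and (cef := to_cef(rec)):
            out.append(cef)
    return out

# Constructed sample records (not captured from a real host).
SAMPLE = "\n".join([
    '{"timestamp":"2024-01-15 10:22:31.250000-0800","processImagePath":"/usr/sbin/sshd","processID":612,"eventMessage":"Accepted publickey for alice from 192.0.2.10 port 50514 ssh2"}',
    '{"timestamp":"2024-01-15 10:23:02.000000-0800","processImagePath":"/usr/bin/sudo","processID":640,"eventMessage":"alice : TTY=ttys001 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/id"}',
    '{"timestamp":"2024-01-15 10:23:05.000000-0800","processImagePath":"/usr/sbin/mDNSResponder","processID":201,"eventMessage":"noise"}',
    'not json',
])
```

The `=` characters in the sudo message are escaped so that a CEF parser does not split the message into bogus key/value pairs.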