This morning, I would like to introduce you to Red Canary Mac Monitor, an advanced monitoring tool designed specifically for macOS security research, malware triage, and system troubleshooting.
Red Canary Mac Monitor autonomously collects system events and enriches them using Apple Endpoint Security (ES). Imagine having a microscope that allows you to scrutinize everything happening on your system, detecting threats that would otherwise go unnoticed.
The tool collects and enriches system events and displays them in graphs, showing only the events relevant to you.
The telemetry covers in-process and cross-process events, file events, and a wide range of metadata, letting users put each event in context and better understand what the system is doing.
Red Canary Mac Monitor is available for free. Before installing, verify that your Mac has at least 4GB of memory and is running macOS 13.1 (Ventura) or later.
To install the tool, either use Homebrew or download the latest installer from GitHub. Once the application is open, authorize the system extension when prompted, and you're good to go!
brew install --cask red-canary-mac-monitor
Event correlation is an essential feature for threat detection: visualizing how different events connect assembles the pieces of the puzzle needed to understand suspicious activity.
Red Canary Mac Monitor also offers artifact filtering, filtering out system binaries, and exporting telemetry as JSON. It can also generate process sub-trees, giving an overview of process lineage.
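As an added illustration of what "process lineage from exported telemetry" means in practice, here is a small Python script (not Mac Monitor's own code) that reads a constructed JSON export of Endpoint Security exec events, walks the ppid links to recover a process's ancestry, and rebuilds a sub-tree. The field names event, pid, ppid and path are an assumed schema for this example, not the tool's actual export format.

```python
import json
from collections import defaultdict

# Constructed sample export. The keys (event, pid, ppid, path) are an ASSUMED
# schema for this illustration, not Mac Monitor's real JSON layout.
SAMPLE_EXPORT = json.dumps([
    {"event": "ES_EVENT_TYPE_NOTIFY_EXEC", "pid": 1,   "ppid": 0,   "path": "/sbin/launchd"},
    {"event": "ES_EVENT_TYPE_NOTIFY_EXEC", "pid": 410, "ppid": 1,
     "path": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"},
    {"event": "ES_EVENT_TYPE_NOTIFY_EXEC", "pid": 512, "ppid": 410, "path": "/bin/zsh"},
    {"event": "ES_EVENT_TYPE_NOTIFY_OPEN", "pid": 512, "ppid": 410, "path": "/Users/demo/.zshrc"},
    {"event": "ES_EVENT_TYPE_NOTIFY_EXEC", "pid": 530, "ppid": 512, "path": "/usr/bin/curl"},
    {"event": "ES_EVENT_TYPE_NOTIFY_EXEC", "pid": 531, "ppid": 512, "path": "/usr/bin/osascript"},
])

def load_exec_events(export_json):
    """Keep only process-exec events, keyed as pid -> (ppid, image path)."""
    procs = {}
    for ev in json.loads(export_json):
        if ev["event"] == "ES_EVENT_TYPE_NOTIFY_EXEC":
            procs[ev["pid"]] = (ev["ppid"], ev["path"])
    return procs

def lineage(procs, pid):
    """Walk ppid links up to the root; return ancestry as image names, root first."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)                      # guard against malformed/cyclic ppid data
        ppid, path = procs[pid]
        chain.append(path.rsplit("/", 1)[-1])
        pid = ppid
    return list(reversed(chain))

def subtree(procs, root_pid):
    """Return the process sub-tree rooted at root_pid as nested {name: [children]}."""
    children = defaultdict(list)
    for pid, (ppid, _) in procs.items():
        children[ppid].append(pid)
    def build(pid):
        name = procs[pid][1].rsplit("/", 1)[-1]
        return {name: [build(c) for c in sorted(children[pid])]}
    return build(root_pid)

if __name__ == "__main__":
    procs = load_exec_events(SAMPLE_EXPORT)
    print(" -> ".join(lineage(procs, 531)))      # launchd -> Terminal -> zsh -> osascript
    print(json.dumps(subtree(procs, 410), indent=2))
```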
To top it all off, a dynamic event distribution graph makes it easy to quickly identify events. This tool is a must-have for all macOS security enthusiasts. The Red Canary Mac Monitor can be found here.