Audit Explorer 1.0
These pages provide an overview of Audit Explorer version 1.0. For additional details on how to get started, see our Video Tutorials section.
This section provides an overview of Audit Explorer and introduces the roles of its three main windows.
This section covers the Notable Events Window, the window that highlights potentially suspicious activity. From here you can drill down to get more details.
This section covers the Process List Window. It provides a sortable list of all the processes observed in the audit trails. Clicking on a process in this window brings up its details in the Process Details window.
This section covers the Process Detail Window. This is where you can see detailed information about a process, including the files it read from or wrote to and the connections it accepted or made.
This section covers audit configuration. Apple's BSM auditing system needs to be configured properly in order to collect useful information.
This section covers monitoring your audit trails. The primary challenge you will encounter is that Apple protects its audit trails. This is a good thing, but it means you cannot access the files directly from Audit Explorer.