Audit Explorer Help
Audit Explorer lets you detect attacks, perform forensic analysis on systems that were attacked, and generally explore what has happened on your Mac by analyzing Apple's BSM audit trail. Apple's auditing system is one of the most powerful auditing systems on the planet, and once you have configured it correctly, Audit Explorer helps you discover amazing things.
If you are familiar with Audit Explorer 1.0, this section summarizes what is new in version 1.1.
New to Audit Explorer? This section provides an overview of auditing in general, Audit Explorer, and how you can use Audit Explorer to explore the information inside the audit trails.
This section gets you started by showing you how to download sample audit trail files and analyze them in Audit Explorer. Audit analysis can be difficult, so we start in the shallow end of the pool.
Now that you know the basics of audit trail analysis using Audit Explorer, set up your own computer to collect detailed audit trail data and analyze it. We also show you how to automate the process and give you some suggestions on how to centralize audit reporting.
This section covers Audit Explorer's various windows.
This section covers Audit Explorer's various menus.
New in Audit Explorer 1.1 is the embedded command-line tool ae_batch, which you can run directly from the command line, call from a shell script, or start directly from launchd. This section covers this application.
Audit trails are tricky business with lots of opportunities to screw things up. This section looks at a few of the things that can trip you up.
Find more information online or contact us with any bug reports or feature requests.