Image

cmdReporter works like a security motion detector for anything running on, communicating with, or authenticating into a macOS computer.

cmdReporter collects the security information your organization needs while conserving macOS' natural resources so more computer is available to the user.




To try a 2 week trial of cmdReporter
email sales@cmdsec.com

contact us


FEATURES

Why is cmdReporter different?

Our founder wrote the security guidance for macOS for the U.S. government and has spent the last decade studying macOS security. cmdReporter focuses on preserving the speed and stability of macOS while still providing the protection that organizations require.


Privacy with security

The default log level focuses on maintaining user privacy while still collecting all necessary security data. Higher collection levels can collect all computer and user activity.


JSON output

Get the right data, to the right people, in the proper format, faster. Nearly all security tools will natively ingest JSON without special data manipulation.


Continuously streaming data

cmdReporter was designed to collect and process data from your endpoints in real-time. Security teams can immediately know if there are ever any issues.


No kernel extension necessary

cmdReporter runs without kernel-level permissions which avoids a long list of security and stability concerns. cmdReporter can be deployed as one version for all macOS computers in your environment instead of matching application versions to kernel versions.


Never calls home

No log data is ever sent to cmdSecurity or external servers. Your data stays within your organization.


Light footprint

cmdReporter is designed with macOS resource conservation as a key requirement and the majority of users will never notice cmdReporter running. An average of 10mb of log data is generated each day for macOS endpoints which means no more unusably slow computers due to security software.


Government compliance

Log collection levels are mapped to NIST’s published risk management framework (SP 800-37) and collect the recommended level of information.



Learn more about how cmdReporter helps you keep your environment safe and secure.

contact us


LOG LEVELS

At log level 1

cmdReporter logs all events from the following types by default:

  • Login
  • Authorization
  • User and group account creation/modify events
  • System operation events, such as mounting external drives
  • Network and firewall changes
  • Process (.app) execution
  • Terminal and Shell script commands
  • X-Protect and Gatekeeper evaluations
  • System and User apps listening for network connections

At log level 2

All log level 1 data, plus:

  • Non-browser user network connections
  • System-level network communications
  • File system events in system configuration folders
  • File system events on external drives

At log level 3

All data collected at log levels 1 and 2, plus:

  • All network traffic including user browser traffic
  • User folder file system events

LOG LEVELS

  • Login
  • Authorization
  • User and group account creation/modify events
  • System operation events, such as mounting external drives
  • Network and firewall changes
  • Process (.app) execution
  • Terminal and Shell script commands
  • X-Protect and Gatekeeper evaluations
  • System and User apps listening for network connections