On-Device Security Log Monitoring for OS X 10.11

Firewall changes in response to log events

What happens in the video

  • Check Internet access by loading Twitter
  • The machine is attacked from the network
  • The logs send an alert to the script, and the script blocks all Internet traffic except to the VPN server
  • The user is prompted to enable the VPN; Internet access is restored once the VPN is up
  • Once it is enabled, the user disables the VPN manually
  • The logs notify the script that the VPN was disabled, and the script enables the VPN again
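The lockdown step above, as an added example rather than the script used in the video: a pf ruleset that drops everything except loopback, the VPN tunnel interface and the VPN endpoint, with the helpers a log-triggered script would call to apply it, lift it once the VPN is up, and prompt the user. The VPN address, port, protocol, tunnel interface name and anchor name are placeholders, and the anchor must be referenced from the main /etc/pf.conf (for example `anchor "com.example.lockdown"`) for its rules to be evaluated.

```shell
#!/bin/sh
# Added example, not the script shown in the video: a pf lockdown that drops all
# traffic except loopback, the VPN tunnel interface and the VPN endpoint, plus
# the helpers a log-triggered script would call to apply and lift it.
# VPN_HOST, VPN_PORT, VPN_PROTO, VPN_IF and ANCHOR are placeholders (assumptions).
VPN_HOST=${VPN_HOST:-203.0.113.10}        # placeholder: your VPN server address
VPN_PORT=${VPN_PORT:-443}
VPN_PROTO=${VPN_PROTO:-udp}
VPN_IF=${VPN_IF:-utun0}                   # tunnel interface once the VPN is up
ANCHOR=${ANCHOR:-com.example.lockdown}    # placeholder pf anchor name

# Print the ruleset on stdout. In pf the last matching rule wins, except for
# "quick" rules, which stop evaluation immediately, so the block comes first.
build_lockdown_rules() {
    vpn_host=$1; vpn_port=$2; vpn_proto=$3; vpn_if=$4
    cat <<EOF
block drop all
pass quick on lo0 all
pass quick on $vpn_if all
pass out quick proto $vpn_proto from any to $vpn_host port $vpn_port keep state
EOF
}

# Count the "pass" rules in a ruleset string (sanity check before loading).
count_pass_rules() {
    printf '%s\n' "$1" | grep -c '^pass '
}

# Parse-check the ruleset, load it into our anchor and enable pf (needs root).
apply_lockdown() {
    tmp=$(mktemp) || return 1
    build_lockdown_rules "$VPN_HOST" "$VPN_PORT" "$VPN_PROTO" "$VPN_IF" >"$tmp"
    pfctl -nf "$tmp" && pfctl -a "$ANCHOR" -f "$tmp"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return "$rc"
    # enable pf only if it is not already enabled
    pfctl -s info 2>/dev/null | grep -q '^Status: Enabled' || pfctl -e
}

# Flush our anchor only; the main /etc/pf.conf ruleset is left untouched.
lift_lockdown() {
    pfctl -a "$ANCHOR" -F all
}

# True when the tunnel interface has an address, i.e. the VPN is connected.
vpn_is_up() {
    ifconfig "$VPN_IF" 2>/dev/null | grep -q 'inet '
}

# Entry points a log-watching script would call: "lockdown" after the attack
# event, "prompt" to ask the user, "lift" after the VPN-connected event.
case "${1:-}" in
    lockdown) apply_lockdown ;;
    prompt)   osascript -e 'display dialog "Network attack detected. Enable the VPN to restore Internet access." buttons {"OK"}' ;;
    lift)     vpn_is_up && lift_lockdown ;;
esac
```

The VPN server is given as an IP address on purpose: once the lockdown is in place, DNS is blocked too, so a hostname could no longer be resolved. `pfctl -nf` parses the file without loading it, so a typo in the generated rules fails the script instead of leaving the host with a half-applied ruleset.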

Alert when anyone runs a sudo command

What happens in the video

  • A sudo command is run on the system
  • The logs notify the script that sudo ran, and the script displays a notification
  • Verify in Console.app that our log routing rules worked
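The sudo alert above, as an added example rather than the script used in the video: it parses the standard sudo syslog message (`user : TTY=... ; PWD=... ; USER=... ; COMMAND=...`) out of each routed log line and raises a Notification Center alert through osascript. The log file path is a placeholder for wherever the routing rule writes, and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not the script shown in the video: parse sudo log lines and
# raise a desktop notification for each one. Assumes the routing rule delivers
# the standard sudo syslog message ("user : TTY=... ; PWD=... ; USER=... ;
# COMMAND=..."). LOG_FILE is a placeholder for the routed log file.
LOG_FILE=${LOG_FILE:-/var/log/sudo-events.log}

# Print "user|command" for a sudo log line, or return 1 if the line is not one.
# Works with both the bsd ("sudo[123]:") and std ("sudo[123] <Notice>:") prefixes.
parse_sudo_event() {
    line=$1
    case "$line" in
        *"sudo["*" : TTY="*"COMMAND="*) ;;
        *) return 1 ;;
    esac
    user=${line%% : TTY=*}       # everything before " : TTY=" ...
    user=${user##* }             # ... of which the last word is the invoking user
    cmd=${line#*COMMAND=}        # the command, with its arguments, to the end of line
    printf '%s|%s\n' "$user" "$cmd"
}

# Escape backslashes and double quotes so log content cannot break out of the
# AppleScript string literal handed to osascript.
applescript_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Show a notification via Notification Center; fall back to stdout elsewhere.
notify_sudo() {
    user=$(applescript_escape "$1"); cmd=$(applescript_escape "$2")
    if command -v osascript >/dev/null 2>&1; then
        osascript -e "display notification \"$user ran: $cmd\" with title \"sudo alert\""
    else
        printf 'sudo alert: %s ran: %s\n' "$user" "$cmd"
    fi
}

# Read log lines on stdin, notify for each sudo event, and print the event count.
scan_sudo_events() {
    n=0
    while IFS= read -r line; do
        ev=$(parse_sudo_event "$line") || continue
        notify_sudo "${ev%%|*}" "${ev#*|}" >/dev/null
        n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample lines for this example (not real log output).
SAMPLE_LOG='Jan  5 10:02:11 mac sudo[1234]:    alice : TTY=ttys000 ; PWD=/Users/alice ; USER=root ; COMMAND=/usr/bin/id
Jan  5 10:02:12 mac kernel[0]: en0: link up
Jan  5 10:03:40 mac sudo[1301] <Notice>:      bob : TTY=ttys001 ; PWD=/tmp ; USER=root ; COMMAND=/bin/launchctl load /tmp/example.plist'

# Follow the routed log file when invoked with --watch; otherwise do nothing.
if [ "${1:-}" = "--watch" ]; then
    tail -F "$LOG_FILE" | scan_sudo_events
fi
```

Run it as `sh sudo-alert.sh --watch` from a launchd agent so the notification is shown in the logged-in user's session. The escaping step matters because the COMMAND field is attacker-influenced text: whatever was typed after sudo ends up inside the AppleScript string, and an unescaped quote there would turn a log line into AppleScript.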