A macOS File Monitor (based on Apple's new Endpoint Security Framework)
This version of FileMonitor includes command line options to disable output to the terminal and allow connection to a mongodb to save all events and upload files that are changed
Usage:
sudo /Applications/FileMonitor.app/Contents/MacOS/FileMonitor -noPrint -mongo mongodb://192.168.1.3:27017 -jobid 000000000000000000000003
Read More:
For more details read: "Writing a File Monitor with Apple's Endpoint Security Framework".
To Support:
❤ Love this product or want to support it? Please check out my patreon page :)
Mahalo!
This product is supported by the following "Friends of Objective-See":
😍😍😍Kandji
🥇CleanMyMac X
🥈Malwarebytes / Airo AV
🥉SmugMug / Guardian Mobile Firewall / SecureMac / Sophos / SentinelOne / Digital Guardian / Trail of Bits / Halo Privacy