Macos - Re-Opened Applications

Description

This search looks for processes referencing the plist files that determine which applications are re-opened when a user reboots their machine.


Use Case

Security Monitoring

Category

Adversary Tactics

SPL Difficulty

None

Journey

Stage 3

Kill Chain Phases

Installation
Command and Control

Macos - Re-Opened Applications Help

To run this search properly, Splunk must ingest process data from your deployed osquery agents with the splunk.conf pack enabled. The TA-OSquery must also be deployed across your indexers and universal forwarders so that the data populates the Endpoint data model.
