WWDC22 · 10 min · Business & Education / Privacy & Security

What’s new in Endpoint Security

Learn how you can build reliable endpoint security products like anti-virus software, endpoint detection and response, and data leakage prevention solutions for macOS. We’ll take you through the latest enhancements to Endpoint Security APIs: Learn how you can support more security events and use advanced muting capabilities in your app. We’ll also explore a standalone tool to help you perform introspection from the command line.

Code shown on screen · 3 snippets

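Target path muting · swift · at 4:29

// Mute events whose target path is under /var/log.
// /var is a symlink to /private/var on macOS, so the prefix uses the resolved path.
es_mute_path(client, "/private/var/log", ES_MUTE_PATH_TYPE_TARGET_PREFIX)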

// Mute write events to /dev/null
var events = [ ES_EVENT_TYPE_NOTIFY_WRITE ]
es_mute_path_events(client, "/dev/null", ES_MUTE_PATH_TYPE_TARGET_LITERAL,
                    &events, events.count)

Mute inversion · swift · at 5:08

// Invert muting for target paths
es_invert_muting(client, ES_MUTE_INVERSION_TYPE_TARGET_PATH)

// Select only events pertaining to /Library/LaunchDaemons
es_unmute_all_target_paths(client)
es_mute_path(client, "/Library/LaunchDaemons", ES_MUTE_PATH_TYPE_TARGET_PREFIX)

Use eslogger to observe ssh login and logout events · bash · at 8:08

sudo eslogger openssh_login openssh_logout >out.jsonl