Yelp/osxcollector

Automating installing and running of osxcollector

skiptomyliu opened this issue · 2 comments

Looking to automate installation, running of osxcollector and finally uploading the contents of the output for analysis by security team.

The dependencies that osxcollector requires seem to take significant time to install (pyobjc being the main offender). Curious how Yelp (or other teams) approaches deploying osxcollector when an incident occurs. If you could share, it would be much appreciated.

Hi @skiptomyliu!
We actually use our corporate assets management system to launch OSXCollector remotely.
It should run on any macOS machine without any dependencies - all of them should be satisfied on macOS already.

Then for the automated analysis we are using OSXCollector Output Filters, orchestrated by AMIRA.

Let me know if you have any further questions.

Thanks @jjsendor. It looks like I was getting the prompt that "import Foundation" was not found because I was using Anaconda python because of Jupyter overwriting my path. Using the default python install works as expected.

Thank you for also sharing AMIRA.