In part 1 of our Threat Hunting for macOS webinar series we explored basic use cases for utilizing macOS Unified Logging (MUL) and system telemetry to uncover suspicious behavior. Building upon this foundation, in part two we explore more intricate use cases and tap into third-party logs to uncover sophisticated attack TTPs.

Part 2 focuses on using more of the LimaCharlie platform in unison. We drill deeper into macOS threat hunting techniques and see how LimaCharlie Query Language (LCQL) compliments advanced threat hunting designs. Finally, we take a look at the latest macOS threats, and show how LimaCharlie’s automated detection and response capabilities assist you in mitigating them before adversaries strike.