
The Apex One On-Premise agent can be installed on Windows or Mac OS, but the supported Endpoint Sensor features differ between the two platforms.

The differences are listed in the following tables:

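| Features | Windows | Mac OS |
|---|---|---|
| Preliminary Investigation create assessment | | |
| Preliminary Investigation Generate Root Cause Analysis | | |
| Detailed Investigation | | |
| Attack Discovery detections (ADE) | | |

| Criteria | Windows | Mac OS |
|---|---|---|
| Host (Host name / IP address) | | |
| User account | | |
| File name / File path | | |
| Hash value | | |
| Registry name / key / data | | |
| Command line | | |

| Category | Item | Required Condition | Windows | Mac OS |
|---|---|---|---|---|
| DNSENTRYITEM | HOST | IS | | |
| | RECORDDATA/HOST | IS | | |
| | RECORDDATA/IPV4ADDRESS | IS | | |
| FILEITEM | FILENAME | IS | | |
| | FILEPATH | IS | | |
| | SHA1SUM | IS | | |
| | SHA2SUM | IS | | |
| | MD5SUM | IS | | |
| FILEITEM | LOCALIP | IS | | |
| | REMOTEIP | IS | | |
| PROCESSITEM | ARGUMENTS | CONTAINS | | |
| | NAME | IS | | |
| | PATH | IS | | |
| | SECTIONLIST/MEMORYSECTION/SHA1SUM | IS | | |
| | SECTIONLIST/MEMORYSECTION/SHA256SUM | IS | | |
| | SECTIONLIST/MEMORYSECTION/MD5SUM | IS | | |
| REGISTRYITEM | KEYPATH | CONTAINS | | |
| | VALUE | CONTAINS | | |
| | VALUENAME | CONTAINS | | |
| | USERNAME | IS | | |

| Methods | Windows | Mac OS |
|---|---|---|
| Scan disk files using OpenIOC | | |
| Scan in-memory process using YARA | | |
| Search registry | | |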