Summary
This article provides that Apex One Endpoint Sensor supported features on Mac OS and Windows platforms.
Details
Apex One Endpoint Sensor can be installed on Windows or Mac OS, but there are some supported feature differences between Windows and Mac OS.
The differences are listed in the following tables:
| Features | Windows | Mac OS |
|---|---|---|
| Preliminary Investigation create assessment | ✔ | ✔ |
| Preliminary Investigation Generate Root Cause Analysis | ✔ | ✘ |
| Detailed Investigation | ✔ | ✘ |
| Attack Discovery detections (ADE) | ✔ | ✘ |
| Criteria | Windows | Mac OS |
|---|---|---|
| Host (Host name / IP address) | ✔ | ✔ |
| User account | ✔ | ✔ |
| File name / File path | ✔ | ✔ |
| Hash value | ✔ | ✔ |
| Registry name / key / data | ✔ | ✘ |
| Command line | ✔ | ✔ |
| Category | Item | Required Condition | Windows | Mac OS |
|---|---|---|---|---|
| DNSENTRYITEM | HOST | IS | ✔ | ✔ |
| RECORDDATA/HOST | IS | ✔ | ✔ | |
| RECORDDATA/IPV4ADDRESS | IS | ✔ | ✔ | |
| FILEITEM | FILENAME | IS | ✔ | ✔ |
| FILEPATH | IS | ✔ | ✔ | |
| SHA1SUM | IS | ✔ | ✔ | |
| SHA2SUM | IS | ✔ | ✔ | |
| MD5SUM | IS | ✔ | ✔ | |
| FILEITEM | LOCALIP | IS | ✔ | ✔ |
| REMOTEIP | IS | ✔ | ✔ | |
| PROCESSITEM | ARGUMENTS | CONTAINS | ✔ | ✔ |
| NAME | IS | ✔ | ✔ | |
| PATH | IS | ✔ | ✔ | |
| SECTIONLIST/MEMORYSECTION/SHA1SUM | IS | ✔ | ✔ | |
| SECTIONLIST/MEMORYSECTION/SHA256SUM | IS | ✔ | ✔ | |
| SECTIONLIST/MEMORYSECTION/MD5SUM | IS | ✔ | ✔ | |
| REGISTRYITEM | KEYPATH | CONTAINS | ✔ | ✘ |
| VALUE | CONTAINS | ✔ | ✘ | |
| VALUENAME | CONTAINS | ✔ | ✘ | |
| USERNAME | IS | ✔ | ✘ |
| Methods | Windows | Mac OS |
|---|---|---|
| Scan disk files using OpenIOC | ✔ | ✘ |
| Scan in-memory process using YARA | ✔ | ✘ |
| Search registry | ✔ | ✘ |
