Summary
This article provides that Apex One On-Premise agent supported Endpoint Sensor features on different platforms.
Details
Apex One On-Premise agent can be installed on Windows or Mac OS, but there are some supported Endpoint Sensor feature differences between Windows and Mac OS.
The differences are listed in the following tables:
| Features | Windows | Mac OS |
|---|---|---|
| Preliminary Investigation create assessment | ✔ | ✔ |
| Preliminary Investigation Generate Root Cause Analysis | ✔ | ✘ |
| Detailed Investigation | ✔ | ✘ |
| Attack Discovery detections (ADE) | ✔ | ✘ |
| Criteria | Windows | Mac OS |
|---|---|---|
| Host (Host name / IP address) | ✔ | ✔ |
| User account | ✔ | ✔ |
| File name / File path | ✔ | ✔ |
| Hash value | ✔ | ✔ |
| Registry name / key / data | ✔ | ✘ |
| Command line | ✔ | ✔ |
| Category | Item | Required Condition | Windows | Mac OS |
|---|---|---|---|---|
| DNSENTRYITEM | HOST | IS | ✔ | ✔ |
| RECORDDATA/HOST | IS | ✔ | ✔ | |
| RECORDDATA/IPV4ADDRESS | IS | ✔ | ✔ | |
| FILEITEM | FILENAME | IS | ✔ | ✔ |
| FILEPATH | IS | ✔ | ✔ | |
| SHA1SUM | IS | ✔ | ✔ | |
| SHA2SUM | IS | ✔ | ✔ | |
| MD5SUM | IS | ✔ | ✔ | |
| FILEITEM | LOCALIP | IS | ✔ | ✔ |
| REMOTEIP | IS | ✔ | ✔ | |
| PROCESSITEM | ARGUMENTS | CONTAINS | ✔ | ✔ |
| NAME | IS | ✔ | ✔ | |
| PATH | IS | ✔ | ✔ | |
| SECTIONLIST/MEMORYSECTION/SHA1SUM | IS | ✔ | ✔ | |
| SECTIONLIST/MEMORYSECTION/SHA256SUM | IS | ✔ | ✔ | |
| SECTIONLIST/MEMORYSECTION/MD5SUM | IS | ✔ | ✔ | |
| REGISTRYITEM | KEYPATH | CONTAINS | ✔ | ✘ |
| VALUE | CONTAINS | ✔ | ✘ | |
| VALUENAME | CONTAINS | ✔ | ✘ | |
| USERNAME | IS | ✔ | ✘ |
| Methods | Windows | Mac OS |
|---|---|---|
| Scan disk files using OpenIOC | ✔ | ✘ |
| Scan in-memory process using YARA | ✔ | ✘ |
| Search registry | ✔ | ✘ |
