Apple Endpoint Security Log Analyzer

Investigate Endpoint Security Activity in Your Browser

Upload one or more Apple Endpoint Security captures from eslogger or Mac Monitor (.json/.ndjson) and analyze them entirely in your browser. Files are processed locally on your device and are never uploaded to a backend.


Filters And Export

Filter all views at once, then export the filtered timeline and rendered tree.

Event Mix

Most frequent event categories in the filtered data set.

Sigma Rules

Match process creation (exec/fork) and file create/rename (create/rename) events against SigmaHQ macOS rules.

Timeline Story

Chronological high-signal events to reconstruct process behavior.

Process Tree

Fork/exec lineage with file activity, arguments, code-signing metadata, and observed exits. Click a node for details.

Node limit: 400
Tree time: Full capture range