Created
February 25, 2019 13:56
-
-
Save richiercyrus/c1707fe5ea7971bac5df375ab75a4db8 to your computer and use it in GitHub Desktop.
Testing
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":104,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":537,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":1181,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":1442,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2449} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3139} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":3908,"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":4300} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4944,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":5454,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":5666,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5760,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5900,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6024,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"offset":6115} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6207,"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6301,"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6388,"input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6472,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6560,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":6648} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6792,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":6882} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6969,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":7055,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7161} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7264} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7372,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7440,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","source":"/tmp/pedros-Mac.local.json","offset":7692,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":7998,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":8381,"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":8491,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"offset":8655} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"offset":8871,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":9137,"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":9445,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":9816,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":10338,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10947,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":11471,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":11993,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":12564} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13086,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13524,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":13990} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":14471,"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":15049,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}","source":"/tmp/pedros-Mac.local.json","offset":15554,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":16030,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":16457,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":16851} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":17237,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":17586,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":17989,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":18385,"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"offset":18780,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":19083,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":19512,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":19905} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":20218,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":20630,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":20921,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":21302} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":21650,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"offset":22078,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":22487,"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":22883,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":23315,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":23714,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":24131,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":24530,"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":24929} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":25328,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":25751,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":26147,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":26545,"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":26950,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":27361} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":27757,"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28165,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":28567,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":28963} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":29365} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29779,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":30187,"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":30607} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":31020,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":31431,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":31839,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":32235} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":32664,"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":33072,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":33474,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":33882} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":34296,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":34710,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":35112,"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":35523,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":35934,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":36345,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":36756,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":37164,"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":37602} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":37844,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":38136,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":38320,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":38503,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38685,"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.807Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","source":"/tmp/pedros-Mac.local.json","offset":104,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":335} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":1181,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":1442,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"offset":2449,"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3139,"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3908,"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4300,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":4944,"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5454,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2369\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49296-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":5666} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":5892,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2369\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49297-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6118,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":6212,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":6352,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":6476,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6567,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6659,"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6753} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"offset":6840,"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6924,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7012,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":7100} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":7244,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7334,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7421,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":7507,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7613,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":7716,"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7824,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7892,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":8144,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":8450,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":8833,"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":8943,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":9107,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":9323} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":9589,"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":9897,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10268,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":10790,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":11399,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":11923,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":12445,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13016,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","source":"/tmp/pedros-Mac.local.json","offset":13538,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":13976,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":14442,"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":14923} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":15501,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":16006,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":16482,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":16909,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":17303,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":17689,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":18038,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":18441,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":18837,"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":19232,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19535,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":19964} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":20357,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":20670,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":21082,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":21373,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"offset":21754,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":22102,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":22530,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":22939} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":23335,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":23767,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":24166,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":24583,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":24982,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":25381,"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":25780,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":26203,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":26599,"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":26997,"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":27402,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":27813,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":28209,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":28617,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":29019,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29415,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":29817,"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":30231,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":30639} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31059,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":31472,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":31883,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":32291,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":32687,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":33116} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":33524,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":33926,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":34334,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":34748,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":35162} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":35564} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":35975,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":36386,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":36797,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":37208,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":37616} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":38054,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":38296,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":38588,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":38772,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":38955} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":39137,"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.086Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.087Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":104} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1181,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1442,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2261} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":2449,"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3139,"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":3547} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3908,"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4300} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4944,"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":5454} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5666} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5760,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":5900,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6024,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6115,"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6207,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6301,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":6388,"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6472,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6560,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6648} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":6792,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6882,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6969,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7055,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"offset":7161,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7264,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7372,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7440,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","source":"/tmp/pedros-Mac.local.json","offset":7692,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7998,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":8381} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":8491,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8655,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":8871,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":9137} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":9445,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":9816,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10338,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":10947,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":11471,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":11993} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":12564,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":13086,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":13524} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","source":"/tmp/pedros-Mac.local.json","offset":13990,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":14471,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":15049} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":15554,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":16030,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":16457,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","source":"/tmp/pedros-Mac.local.json","offset":16851,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":17237,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":17586,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":17989,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":18385,"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":18780,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19083,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":19512,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":19905,"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":20218,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":20630,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":20921,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21302,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":21650,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"offset":22078,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":22487,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":22883,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":23315} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":23714,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":24131} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":24530,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":24929,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":25328,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":25751,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"offset":26147} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":26545,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":26950,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":27361,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":27757,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":28165,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28567,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28963,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29365,"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29779,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":30187,"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":30607,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31020,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"offset":31431} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":31839,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":32235} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":32664,"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":33072,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":33474,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":33882,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":34296,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"offset":34710,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":35112,"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35523,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35934,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":36345,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":36756,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":37164,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":37602,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":37844,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":38136,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":38320,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":38503} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38685,"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:21.874Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","source":"/tmp/pedros-Mac.local.json","offset":104,"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":204} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"offset":1181} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":1442} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":2449,"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3139,"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":3735} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":3908,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":4300,"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4944,"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","source":"/tmp/pedros-Mac.local.json","offset":5454,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":5666,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2802\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49315-\u003e172.16.250.152:XmlIpcRegSvc\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5892,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2802\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49316-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6118,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6212,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6352,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":6476,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6567,"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6659} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":6753} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6840,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":6924} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7012,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7100,"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7244,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7334,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":7421,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7507,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7613,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7716,"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7824,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7892,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","source":"/tmp/pedros-Mac.local.json","offset":8144,"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":8450,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8833,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8943,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":9107,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":9323} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":9589,"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","source":"/tmp/pedros-Mac.local.json","offset":9897,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":10268,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":10790,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":11399} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":11923,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","source":"/tmp/pedros-Mac.local.json","offset":12445,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":13016,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":13538,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","source":"/tmp/pedros-Mac.local.json","offset":13976,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":14442,"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":14923,"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":15501,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":16006,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":16482,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":16909,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":17303,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":17689,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":18038,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":18441,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":18837} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19232,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19535,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":19964,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":20357,"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":20670,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21082,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21373,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21754,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":22102,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":22530,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":22939,"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":23335,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":23767,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":24166,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":24583,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":24982,"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":25381,"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":25780,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":26203,"input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":26599,"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":26997,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":27402,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":27813,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":28209,"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28617,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":29019,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29415,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29817,"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":30231,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":30639,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":31059,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31472,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":31883,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":32291,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":32687,"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"offset":33116,"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":33524,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":33926,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":34334,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":34748,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35162,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":35564,"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":35975,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":36386,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":36797,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":37208,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":37616,"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":38054,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38296,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38588,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38772,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.494Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","source":"/tmp/pedros-Mac.local.json","offset":38955,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.494Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":39137} | |
| {"@timestamp":"2019-02-25T13:07:00.668Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","source":"/tmp/pedros-Mac.local.json","offset":0,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":104,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":1181,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1442,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1718,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":2449,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3139} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":3908,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4089,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4300,"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4944,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5454,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2802\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49315-\u003e172.16.250.152:XmlIpcRegSvc\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"offset":5666} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2802\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49316-\u003e172.16.250.152:XmlIpcRegSvc\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5892} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6118,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2998\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49327-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":6344,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2998\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49328-\u003e172.16.250.152:XmlIpcRegSvc\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6570,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6664,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6804,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":6928,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7019,"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":7111,"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7205,"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":7292,"input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7376,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7464,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":7552,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7696,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7786,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7873,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7959,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":8065,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":8168} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":8276,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8344,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":8596,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":8902,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":9285,"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":9395,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":9559,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":9775,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","offset":10041,"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10349,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"offset":10720,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":11242,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":11851,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":12375,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","source":"/tmp/pedros-Mac.local.json","offset":12897,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13468,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":13990,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":14428,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":14894,"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":15375,"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":15953,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":16458,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":16934,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","source":"/tmp/pedros-Mac.local.json","offset":17361,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":17755,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":18141,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":18490,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":18893,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":19289,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":19684,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":19987,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":20416,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":20809,"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":21122,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":21534,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":21825,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":22206,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":22554,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":22982,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":23391,"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":23787,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":24219,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":24618,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":25035,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":25434,"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":25833,"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":26232,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":26655,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":27051,"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":27449,"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":27854,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":28265,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":28661,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29069,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29471,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":29867,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":30269} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":30683,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":31091,"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31511,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":31924,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":32335,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":32743,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":33139,"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":33568} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":33976,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":34378,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":34786,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35200,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":35614,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:07:00.672Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":36016} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":36427,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":36838,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":37249,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":37660,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":38068,"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":38506,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38748,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":39040,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","source":"/tmp/pedros-Mac.local.json","offset":39224} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":39407,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.673Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","source":"/tmp/pedros-Mac.local.json","offset":39589} | |
| ^CProcessed a total of 623 messages | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":104,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":537,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":1181,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":1442,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2449} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3139} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":3908,"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":4300} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4944,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":5454,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":5666,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5760,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5900,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6024,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"offset":6115} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6207,"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6301,"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6388,"input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6472,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6560,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.707Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":6648} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6792,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":6882} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6969,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":7055,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7161} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7264} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7372,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7440,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","source":"/tmp/pedros-Mac.local.json","offset":7692,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":7998,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":8381,"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":8491,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"offset":8655} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"offset":8871,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":9137,"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":9445,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":9816,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":10338,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10947,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":11471,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":11993,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":12564} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13086,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13524,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":13990} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":14471,"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":15049,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}","source":"/tmp/pedros-Mac.local.json","offset":15554,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":16030,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":16457,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":16851} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":17237,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":17586,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":17989,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":18385,"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"offset":18780,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":19083,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":19512,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":19905} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":20218,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":20630,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":20921,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":21302} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":21650,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"offset":22078,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":22487,"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":22883,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":23315,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":23714,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.708Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":24131,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":24530,"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":24929} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":25328,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":25751,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":26147,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":26545,"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":26950,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":27361} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":27757,"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28165,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":28567,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":28963} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":29365} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29779,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":30187,"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":30607} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":31020,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":31431,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":31839,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:28.709Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":32235} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":32664,"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":33072,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":33474,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":33882} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":34296,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":34710,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":35112,"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":35523,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":35934,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":36345,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":36756,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":37164,"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":37602} | |
| {"@timestamp":"2019-02-25T12:34:29.724Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":37844,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":38136,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":38320,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":38503,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:34:29.725Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38685,"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.807Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","source":"/tmp/pedros-Mac.local.json","offset":104,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":335} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":1181,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":1442,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"offset":2449,"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3139,"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3908,"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4300,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":4944,"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5454,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2369\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49296-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":5666} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":5892,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2369\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49297-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6118,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":6212,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":6352,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":6476,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6567,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6659,"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6753} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"offset":6840,"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6924,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7012,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":7100} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":7244,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7334,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7421,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":7507,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7613,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":7716,"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7824,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7892,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":8144,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":8450,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":8833,"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":8943,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":9107,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":9323} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":9589,"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":9897,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10268,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":10790,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":11399,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":11923,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":12445,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":13016,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","source":"/tmp/pedros-Mac.local.json","offset":13538,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":13976,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":14442,"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":14923} | |
| {"@timestamp":"2019-02-25T12:37:08.809Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":15501,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":16006,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":16482,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":16909,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":17303,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":17689,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":18038,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":18441,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":18837,"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":19232,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19535,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":19964} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":20357,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":20670,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":21082,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":21373,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"offset":21754,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":22102,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":22530,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":22939} | |
| {"@timestamp":"2019-02-25T12:37:08.810Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":23335,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":23767,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":24166,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":24583,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":24982,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":25381,"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":25780,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":26203,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":26599,"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":26997,"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":27402,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":27813,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":28209,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":28617,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":29019,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29415,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":29817,"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":30231,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":30639} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31059,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":31472,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":31883,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.811Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":32291,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":32687,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":33116} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":33524,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":33926,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":34334,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":34748,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":35162} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":35564} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":35975,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":36386,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":36797,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":37208,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":37616} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":38054,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":38296,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":38588,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":38772,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":38955} | |
| {"@timestamp":"2019-02-25T12:37:08.812Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":39137,"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.086Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.087Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":104} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1181,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1442,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2261} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":2449,"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3139,"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":3547} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3908,"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4300} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4944,"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":5454} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5666} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5760,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":5900,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6024,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6115,"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6207,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6301,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":6388,"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6472,"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6560,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6648} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":6792,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json","offset":6882,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":6969,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":7055,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"offset":7161,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7264,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7372,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7440,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","source":"/tmp/pedros-Mac.local.json","offset":7692,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7998,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":8381} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":8491,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8655,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":8871,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":9137} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":9445,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":9816,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":10338,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":10947,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":11471,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":11993} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":12564,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":13086,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":13524} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","source":"/tmp/pedros-Mac.local.json","offset":13990,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":14471,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":15049} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":15554,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","offset":16030,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":16457,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","source":"/tmp/pedros-Mac.local.json","offset":16851,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":17237,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":17586,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":17989,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":18385,"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":18780,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19083,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":19512,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":19905,"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":20218,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":20630,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":20921,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21302,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":21650,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"offset":22078,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":22487,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":22883,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":23315} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":23714,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:53:30.088Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":24131} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":24530,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":24929,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":25328,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":25751,"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"offset":26147} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":26545,"input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":26950,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":27361,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":27757,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:31.097Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":28165,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28567,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28963,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29365,"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":29779,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":30187,"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":30607,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31020,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"offset":31431} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":31839,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:34.104Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":32235} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":32664,"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":33072,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":33474,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":33882,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":34296,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"offset":34710,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":35112,"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35523,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35934,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":36345,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":36756,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":37164,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":37602,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":37844,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":38136,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":38320,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":38503} | |
| {"@timestamp":"2019-02-25T12:53:37.113Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38685,"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:21.874Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":0,"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","source":"/tmp/pedros-Mac.local.json","offset":104,"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":204} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"offset":1181} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":1442} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":1718,"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":2449,"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3139,"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":3735} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":3908,"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":4089,"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":4300,"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4944,"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","source":"/tmp/pedros-Mac.local.json","offset":5454,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":5666,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2802\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49315-\u003e172.16.250.152:XmlIpcRegSvc\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5892,"message":"{\"Process Name\": \"filebeat\", \"Process ID\": \"2802\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49316-\u003e172.16.250.152:XmlIpcRegSvc\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6118,"message":"{\"TERM\": \"xterm-256color\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6212,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SSH_AUTH_SOCK\": \"/private/tmp/com.apple.launchd.B3dIjdIaHW/Listeners\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6352,"message":"{\"PATH\": \"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":6476,"message":"{\"LANG\": \"en_US.UTF-8\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":6567,"message":"{\"HOME\": \"/Users/pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"MAIL\": \"/var/mail/root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":6659} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"LOGNAME\": \"root\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":6753} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":6840,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"USER\": \"root\", \"module\": \"Environment Variables\"}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"USERNAME\": \"root\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":6924} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7012,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SHELL\": \"/bin/sh\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7100,"message":"{\"SUDO_COMMAND\": \"/usr/bin/python /Users/pedro/Desktop/Venator.py -d /tmp/\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":7244,"message":"{\"SUDO_USER\": \"pedro\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7334,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SUDO_UID\": \"501\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":7421,"message":"{\"SUDO_GID\": \"20\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7507,"message":"{\"__CF_USER_TEXT_ENCODING\": \"0x0:0:0\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":7613,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\", \"VERSIONER_PYTHON_VERSION\": \"2.7\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":7716,"message":"{\"Hostname\": \"pedros-Mac.local\", \"VERSIONER_PYTHON_PREFER_32_BIT\": \"no\", \"module\": \"Environment Variables\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":7824,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Environment Variables\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":7892,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"]}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Periodic Scripts\", \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"]}","source":"/tmp/pedros-Mac.local.json","offset":8144,"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":8450,"message":"{\"/etc/periodic/monthly/\": [\"199.rotate-fax\", \"999.local\", \"200.accounting\"], \"/etc/periodic/daily/\": [\"199.clean-fax\", \"140.clean-rwho\", \"110.clean-tmps\", \"310.accounting\", \"420.status-network\", \"130.clean-msgs\", \"430.status-rwho\", \"999.local\", \"400.status-disks\"], \"Hostname\": \"pedros-Mac.local\", \"/etc/periodic/weekly/\": [\"320.whatis\", \"999.local\"], \"module\": \"Periodic Scripts\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8833,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":8943,"message":"{\"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":9107,"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":9323} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":9589,"message":"{\"\": [\"crontab: user `' unknown\\n\", null], \"pedro\": [\"crontab: no crontab for pedro\\n\", null], \"daemon\": [\"crontab: no crontab for daemon\\n\", null], \"Hostname\": \"pedros-Mac.local\", \"nobody\": [\"crontab: no crontab for nobody\\n\", null], \"root\": [\"crontab: no crontab for root\\n\", null], \"module\": \"Cron Jobs\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Emond Rules\", \"/etc/emond.d/rules/SampleRules.plist\": [{\"name\": \"sample rule\", \"allowPartialCriterionMatch\": false, \"enabled\": false, \"actions\": [{\"logLevel\": \"Notice\", \"logType\": \"syslog\", \"message\": \"Event Monitor started at ${builtin:now}\", \"type\": \"Log\"}], \"criterion\": [{\"operator\": \"True\"}], \"eventTypes\": [\"startup\"]}]}","source":"/tmp/pedros-Mac.local.json","offset":9897,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"offset":10268,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/dynres\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"9264fcec329d0be901973f7469afd187856d047f51840558d938a256921192d3\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.DynresHelper\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/dynres\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.DynresHelper.plist\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":10790,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prlfs_desktop.sh\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"a4e067967acd4120b0ad1925c31987a1e672cee35fef846c0fe22921eee0ab0d\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.vm.sharedfolders.desktop\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/prlfs_desktop.sh'\", \"Program\": \"None\", \"Executable Hash\": \"382727143bd3e1a9d82bac85f6ff7a6962d1bbc7c5c16a68733e0f27e594032b\", \"Path\": \"/Library/LaunchAgents/com.parallels.vm.sharedfolders.desktop.plist\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"6cadda04967edec8818405617ad627efef8ffd6614e09ed9eff666200b86c8cb\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.dragdrop\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/prldragdrop\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.dragdrop.plist\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":11399} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":11923,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/coherence\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"435edf3ca7ddbf4ca91f40ac10327cb1f66676bf6ab909a042287ed8ed3d6eb5\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.coherence\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/coherence\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.coherence.plist\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Executable\": \"/Library/Parallels Guest Tools/apphelper\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"e7e8652328c96832cfab914b4c9c6cac3ca446e58e11e48adf48bee99218a376\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.iagent\", \"Program Arguments\": \"'/Library/Parallels Guest Tools/apphelper', 'ptiagent'\", \"Program\": \"None\", \"Executable Hash\": \"a83b7633e5982d521c3330a54beba3b17a20dbfed567411484e56b311709b01d\", \"Path\": \"/Library/LaunchAgents/com.parallels.iagent.plist\"}","source":"/tmp/pedros-Mac.local.json","offset":12445,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":13016,"message":"{\"Executable\": \"/Library/Parallels Guest Tools/copypaste\", \"Signing Info\": {\"status\": -67062, \"Apple Binary\": false, \"Authority\": []}, \"hash\": \"84b3cbf2d559efe52f3480834a516fe13d9e450c4fa7cee3d0b22415cc070a66\", \"Run At Load\": \"True\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Agents\", \"Label\": \"com.parallels.copypaste\", \"Program Arguments\": \"None\", \"Program\": \"/Library/Parallels Guest Tools/copypaste\", \"Executable Hash\": \"Something is wrong here\", \"Path\": \"/Library/LaunchAgents/com.parallels.copypaste.plist\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":13538,"message":"{\"Program Arguments\": \"['/usr/local/sbin/xnumon', '-d']\", \"Executable\": \"/usr/local/sbin/xnumon\", \"Program\": \"/usr/local/sbin/xnumon\", \"hash\": \"ccd1b402cf7db9b544b1d7bc93e4c64adbba3b7ebfc9ada5c7afa1a2f7f0d095\", \"Executable Hash\": \"5ad746178928803c53fc7ce7729e186249cdce96581f258a74da0cce74d486e7\", \"Path\": \"/Library/LaunchDaemons/ch.roe.xnumon.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"ch.roe.xnumon\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/timesync']\", \"Executable\": \"/Library/Parallels Guest Tools/timesync\", \"Program\": \"None\", \"hash\": \"fbc6f396850a32032d48998dd7baa863d0f7cdf9dae1be77936ed83631fc1743\", \"Executable Hash\": \"94f43cc60b229e5927724a6f09eaec7fcad108303b9a8674e558f40f87efef15\", \"Path\": \"/Library/LaunchDaemons/com.parallels.TimeSync.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.TimeSync\"}","source":"/tmp/pedros-Mac.local.json","offset":13976,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":14442,"message":"{\"Program Arguments\": \"['/usr/local/bin/osqueryd', '--flagfile=/private/var/osquery/osquery.flags']\", \"Executable\": \"/usr/local/bin/osqueryd\", \"Program\": \"None\", \"hash\": \"a8f69ec43386f17fb05416170b6103c2c09fb97d5f1cebe900ce81b42b1e9c9e\", \"Executable Hash\": \"10e78f5d173499e340c3582eeded49bbadde83f515e501d8a37a270d87138f56\", \"Path\": \"/Library/LaunchDaemons/com.facebook.osqueryd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.facebook.osqueryd\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":14923,"message":"{\"Program Arguments\": \"['/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer']\", \"Executable\": \"/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer\", \"Program\": \"None\", \"hash\": \"120fb9acd8820b3459fdd179929a8f07bd7a9197eb45a45cc2c6dac8df2b94c1\", \"Executable Hash\": \"612574af8f160120fde32b53ce47ffe372a40267bfdb0c2f3e08aa59322b9f52\", \"Path\": \"/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.apple.installer.osmessagetracing\"}"} | |
| {"@timestamp":"2019-02-25T13:01:21.875Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":15501,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prl_fsd', '/Volumes/SharedFolders', '--share']\", \"Executable\": \"/Library/Parallels Guest Tools/prl_fsd\", \"Program\": \"None\", \"hash\": \"2ca857c31b98d19f929f5226e8a9396af13e0a3d81bb799ee7906b4d8ba7a1a1\", \"Executable Hash\": \"1c6ee9620475711ffb75bc44428d9499eb50ff735d9241bccb669fe3c0ba37b3\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prl_fsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prl_fsd\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":16006,"message":"{\"Program Arguments\": \"['/Library/Parallels Guest Tools/prltoolsd']\", \"Executable\": \"/Library/Parallels Guest Tools/prltoolsd\", \"Program\": \"None\", \"hash\": \"d0c3be9808df1607155cd38bee880dab2a6a367370355d9072040ce45776a98f\", \"Executable Hash\": \"6b7fab3dfbff44ad08e557edf46bd4185f4d33bb3a9db5b419eeee6e5ed7820d\", \"Path\": \"/Library/LaunchDaemons/com.parallels.vm.prltoolsd.plist\", \"Hostname\": \"pedros-Mac.local\", \"module\": \"Launch Daemons\", \"Label\": \"com.parallels.vm.prltoolsd\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":16482,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASHBA2\", \"CFBundleExecutable\": \"ATTOExpressSASHBA2\", \"CFBundleName\": \"ATTOExpressSASHBA2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASHBA2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS HBA Driver 2.61.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":16909,"message":"{\"CFBundleIdentifier\": \"com.parallels.tools.ga\", \"CFBundleExecutable\": \"prl_video_ga\", \"CFBundleName\": \"Parallels Graphics Accelerator Plugin\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video_ga.plugin/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":17303,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.video\", \"CFBundleExecutable\": \"prl_video\", \"CFBundleName\": \"Parallels Framebuffer Driver\", \"OSBundleRequired\": \"Safe Boot\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_video.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":17689,"message":"{\"CFBundleIdentifier\": \"com.Accusys.driver.Acxxx\", \"CFBundleExecutable\": \"ACS6x\", \"CFBundleName\": \"ACS6x\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ACS6x.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ACS6x 3.5.3 Copyright (c) 2004-2017 Accusys, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64"},"offset":18038,"message":"{\"CFBundleIdentifier\": \"com.softraid.driver.SoftRAID\", \"CFBundleExecutable\": \"SoftRAID\", \"CFBundleName\": \"SoftRAID\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/SoftRAID.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"SoftRAID version 5.6.6, Copyright \\u00a9 2002-18 Other World Computing, Inc. All rights reserved.\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":18441,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointIOP\", \"CFBundleExecutable\": \"HighPointIOP\", \"CFBundleName\": \"HighPointIOP\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointIOP.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.4.1, Copyright (c) 2015 HighPoint Technologies, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"CFBundleIdentifier\": \"com.CalDigit.driver.HDPro\", \"CFBundleExecutable\": \"CalDigitHDProDrv\", \"CFBundleName\": \"CalDigitHDProDrv\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/CalDigitHDProDrv.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"CalDigitHDProDrv 2.1.2 Copyright (c) 2004-2009 CalDigit, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":18837} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19232,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.eth\", \"CFBundleExecutable\": \"prl_eth\", \"CFBundleName\": null, \"OSBundleRequired\": \"Network-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_eth.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":19535,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Controller\", \"CFBundleExecutable\": \"AppleIntelAC97Controller\", \"CFBundleName\": \"Intel AC97 Controller Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Controller.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":19964,"message":"{\"CFBundleIdentifier\": \"com.highpoint-tech.kext.HighPointRR\", \"CFBundleExecutable\": \"HighPointRR\", \"CFBundleName\": \"HighPointRR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/HighPointRR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 4.13.6, Copyright (c) 2017 HighPoint Technologies, Inc.\"}"} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":20357,"message":"{\"CFBundleIdentifier\": \"com.Areca.ArcMSR\", \"CFBundleExecutable\": \"ArcMSR\", \"CFBundleName\": \"ArcMSR\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ArcMSR.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Areca Driver 1.3.9\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":20670,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOCelerityFC8\", \"CFBundleExecutable\": \"ATTOCelerityFC8\", \"CFBundleName\": \"ATTOCelerityFC8\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOCelerityFC8.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO Celerity FC Driver 3.26.0f1 Copyright 2008-2018, ATTO Technology, Inc.\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21082,"message":"{\"CFBundleIdentifier\": \"ch.roe.kext.xnumon\", \"CFBundleExecutable\": \"xnumon\", \"CFBundleName\": \"xnumon\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/xnumon.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": null}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.698Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21373,"message":"{\"CFBundleIdentifier\": \"com.promise.driver.stex\", \"CFBundleExecutable\": \"PromiseSTEX\", \"CFBundleName\": \"PromiseSTEX\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/PromiseSTEX.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version: 6.2.9, Copyright (c) 2010-2017 Promise Technology, Inc.\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":21754,"message":"{\"CFBundleIdentifier\": \"com.parallels.kext.tg\", \"CFBundleExecutable\": \"prl_tg\", \"CFBundleName\": \"prl_tg\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/prl_tg.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"14.1.2, Copyright 2005-2019 Parallels International GmbH\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":22102,"message":"{\"CFBundleIdentifier\": \"com.ATTO.driver.ATTOExpressSASRAID2\", \"CFBundleExecutable\": \"ATTOExpressSASRAID2\", \"CFBundleName\": \"ATTOExpressSASRAID2\", \"OSBundleRequired\": \"Local-Root\", \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/ATTOExpressSASRAID2.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"ATTO ExpressSAS RAID Driver 3.76 Copyright 2009-2016, ATTO Technology, Inc.\"}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":22530,"message":"{\"CFBundleIdentifier\": \"com.parallels.driver.AppleIntelAC97Audio\", \"CFBundleExecutable\": \"AppleIntelAC97Audio\", \"CFBundleName\": \"Intel AC97 Audio Driver\", \"OSBundleRequired\": null, \"Hostname\": \"pedros-Mac.local\", \"Kext Path\": \"/Library/Extensions/AppleIntelAC97Audio.kext/Contents/Info.plist\", \"module\": \"Kernel Extensions\", \"CFBundleGetInfoString\": \"Version 1.1.0, Copyright 2002-2003 Apple Computer, Inc.\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":22939,"message":"{\"Application\": \"/Applications/Siri.app\", \"module\": \"Applications\", \"App Hash\": \"659ce5b6f49531752edfd1b202a11a01d9cbe579e95e521d19f1b3fdbc0cb004\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Siri.app/Contents/MacOS/Siri\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":23335,"message":"{\"Application\": \"/Applications/QuickTime Player.app\", \"module\": \"Applications\", \"App Hash\": \"9f925e75b5363a9d91ac2f70f6576eacf98bcb396e3a85bb2e419f7cea0113c9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:22.699Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":23767,"message":"{\"Application\": \"/Applications/Chess.app\", \"module\": \"Applications\", \"App Hash\": \"615b1feb2bbd494aed09591672a7f931af687cad1e8c644c2160004648f62050\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Chess.app/Contents/MacOS/Chess\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":24166,"message":"{\"Application\": \"/Applications/Photo Booth.app\", \"module\": \"Applications\", \"App Hash\": \"c26dd0b8cce3f53ab2c93c542ca7fffd8d4bf5bafa19c4201c2ad819bcddba2a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photo Booth.app/Contents/MacOS/Photo Booth\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":24583,"message":"{\"Application\": \"/Applications/Books.app\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":24982,"message":"{\"Application\": \"/Applications/.DS_Store\", \"module\": \"Applications\", \"App Hash\": \"4a75c9f5efdb87c88eb59b980bac2ffd10e534c8a034786ff3ae6030e9f9cf01\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Books.app/Contents/MacOS/Books\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"offset":25381,"message":"{\"Application\": \"/Applications/Notes.app\", \"module\": \"Applications\", \"App Hash\": \"67e7e537427584acc50f0cd34d141f08c20796ea42073509299a9e73c9ec4fff\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Notes.app/Contents/MacOS/Notes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":25780,"message":"{\"Application\": \"/Applications/Image Capture.app\", \"module\": \"Applications\", \"App Hash\": \"1c5fac3acbe9dc846926c39762cb41a5c0e14160eb6b1ecae903d08c2d186c32\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Image Capture.app/Contents/MacOS/Image Capture\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"message":"{\"Application\": \"/Applications/Home.app\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":26203,"input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json","offset":26599,"message":"{\"Application\": \"/Applications/.localized\", \"module\": \"Applications\", \"App Hash\": \"36e01c95cd54d08aa3f320e9338564bd4c532da9e78344eeb6ed9ff62f521045\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Home.app/Contents/MacOS/Home\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Preview.app\", \"module\": \"Applications\", \"App Hash\": \"0f9d95339af191875392222af88fa151f937eddb3c02f81a5024e4bb7022709d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Preview.app/Contents/MacOS/Preview\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":26997,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":27402,"message":"{\"Application\": \"/Applications/Dashboard.app\", \"module\": \"Applications\", \"App Hash\": \"d16b45973a6329296ada0e0d8dc413a00f8f2c95cc472b3eb36fd1a7080ed9a7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dashboard.app/Contents/MacOS/Dashboard\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":27813,"message":"{\"Application\": \"/Applications/News.app\", \"module\": \"Applications\", \"App Hash\": \"91733567592d94d416d995e1c858ac9f3b8f094d89eeca145ff590bfdac7782b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/News.app/Contents/MacOS/News\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"offset":28209,"message":"{\"Application\": \"/Applications/TextEdit.app\", \"module\": \"Applications\", \"App Hash\": \"7b3f956664bd79dece5bbb4087b46968e7f2fd8773b1e0178be845d40e4116de\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/TextEdit.app/Contents/MacOS/TextEdit\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":28617,"message":"{\"Application\": \"/Applications/Stocks.app\", \"module\": \"Applications\", \"App Hash\": \"79f68b48a37f052997f5f9c773b5167ed582bbb78fb04d5ad25c131de54859dd\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stocks.app/Contents/MacOS/Stocks\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":29019,"message":"{\"Application\": \"/Applications/Mail.app\", \"module\": \"Applications\", \"App Hash\": \"c5a5ccd6364304e0e2ffa765d80a32a3518d5f2127e4b064a80d71f64d28126a\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mail.app/Contents/MacOS/Mail\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29415,"message":"{\"Application\": \"/Applications/Safari.app\", \"module\": \"Applications\", \"App Hash\": \"fc635209818abaa4ae37b54c6efad8b5b58c80ba6b7f29e05bee30289fd8dd49\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Safari.app/Contents/MacOS/Safari\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":29817,"message":"{\"Application\": \"/Applications/Dictionary.app\", \"module\": \"Applications\", \"App Hash\": \"85d63b59e0ace173290fa0a29827eddd65bb5d66e610903bbad4420c338b809c\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Dictionary.app/Contents/MacOS/Dictionary\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":30231,"message":"{\"Application\": \"/Applications/Contacts.app\", \"module\": \"Applications\", \"App Hash\": \"8ca4b70162b001ca23c77f381101649750d306f684c8646dc231584e57ab0783\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Contacts.app/Contents/MacOS/Contacts\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Application\": \"/Applications/Time Machine.app\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","offset":30639,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":31059,"message":"{\"Application\": \"/Applications/Utilities\", \"module\": \"Applications\", \"App Hash\": \"21d7852366d8deed020fd1299dff162e8de86a68e3a2828d1b5d3d1a6dd021f3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Time Machine.app/Contents/MacOS/Time Machine\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":31472,"message":"{\"Application\": \"/Applications/Font Book.app\", \"module\": \"Applications\", \"App Hash\": \"bd4f183e948eceadcbc899016a06d8b4a5b8ff6f9b17a86236bf035f8a76e0b3\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Font Book.app/Contents/MacOS/Font Book\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}}} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":31883,"message":"{\"Application\": \"/Applications/FaceTime.app\", \"module\": \"Applications\", \"App Hash\": \"2b2d847841d19024d96b87c5fdf2c680f6175afcce6bd64b416ff0810e555ace\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/FaceTime.app/Contents/MacOS/FaceTime\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}"} | |
| {"@timestamp":"2019-02-25T13:01:38.013Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":32291,"message":"{\"Application\": \"/Applications/Maps.app\", \"module\": \"Applications\", \"App Hash\": \"fb4f140d7113177fcfb1f648cadb53c14f993413c1595a008eca5f6a51d65594\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Maps.app/Contents/MacOS/Maps\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":32687,"message":"{\"Application\": \"/Applications/Mission Control.app\", \"module\": \"Applications\", \"App Hash\": \"ab3777237bd55d8c989753ed7e689f14d12080d8a0424c515be49fa51e20626d\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Mission Control.app/Contents/MacOS/Mission Control\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"offset":33116,"message":"{\"Application\": \"/Applications/Stickies.app\", \"module\": \"Applications\", \"App Hash\": \"2d99b9eff803ae0f12f862e49f2acb61f366a20a297bf336af39dbdcd3a4ff77\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Stickies.app/Contents/MacOS/Stickies\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":33524,"message":"{\"Application\": \"/Applications/Photos.app\", \"module\": \"Applications\", \"App Hash\": \"e5ba1e45ea442103882e56876d4c1ac134001e6ee01be3f91cc1fd55bc564226\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Photos.app/Contents/MacOS/Photos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"source":"/tmp/pedros-Mac.local.json","offset":33926,"message":"{\"Application\": \"/Applications/Messages.app\", \"module\": \"Applications\", \"App Hash\": \"ac927ae17bf5173a31a429be099b1fad74756c1130b96f0d9a3e643ea2e766b0\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Messages.app/Contents/MacOS/Messages\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":34334,"message":"{\"Application\": \"/Applications/Calculator.app\", \"module\": \"Applications\", \"App Hash\": \"e7edb05f935b66021a108082107523cef18d934a9c176cfdee16a81158a44cb7\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calculator.app/Contents/MacOS/Calculator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":34748,"message":"{\"Application\": \"/Applications/VoiceMemos.app\", \"module\": \"Applications\", \"App Hash\": \"ad72e1623011457e03c8c662a0a18d1fbaaf44eec359d48413dd5bdb9517afbf\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/VoiceMemos.app/Contents/MacOS/VoiceMemos\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":35162,"message":"{\"Application\": \"/Applications/iTunes.app\", \"module\": \"Applications\", \"App Hash\": \"94c3d7870dd1a865e2f27a64f9cbd3182424123ffec79c788ac98d37f0f009ee\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/iTunes.app/Contents/MacOS/iTunes\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":35564,"message":"{\"Application\": \"/Applications/Launchpad.app\", \"module\": \"Applications\", \"App Hash\": \"3a24761426ebbb9c889c4cc806e9a241f296459cb243eec9e4492d70ef58f2d8\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Launchpad.app/Contents/MacOS/Launchpad\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"architecture":"x86_64","name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":35975,"message":"{\"Application\": \"/Applications/Reminders.app\", \"module\": \"Applications\", \"App Hash\": \"ea8f7ca6790139d2dd7d2e72ad9a2b8153f0228ccb7c4f643006bbf69a66fc55\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Reminders.app/Contents/MacOS/Reminders\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":36386,"message":"{\"Application\": \"/Applications/App Store.app\", \"module\": \"Applications\", \"App Hash\": \"c895b9f090d52298539d3ad6f0e0c3a3c9d32517c9fa43e82c45617177c69b07\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/App Store.app/Contents/MacOS/App Store\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":36797,"message":"{\"Application\": \"/Applications/Automator.app\", \"module\": \"Applications\", \"App Hash\": \"05e9783f41567545e92e239ba629515eb8e6b6ba9d79cae3fb204dff2dd713a9\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Automator.app/Contents/MacOS/Automator\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":37208,"message":"{\"Application\": \"/Applications/Calendar.app\", \"module\": \"Applications\", \"App Hash\": \"6fbc168c2b14270aefb3ad1a73efea31a571600fe85c9344abc37d7a4f6ed64b\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/Calendar.app/Contents/MacOS/Calendar\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"offset":37616,"message":"{\"Application\": \"/Applications/System Preferences.app\", \"module\": \"Applications\", \"App Hash\": \"bed7eeac83d232a0d090a4158b3a1872aaa8744235b8d6dcb7f933087258cff5\", \"Hostname\": \"pedros-Mac.local\", \"App Executable\": \"/Applications/System Preferences.app/Contents/MacOS/System Preferences\", \"App Signature\": {\"status\": 0, \"Apple Binary\": true, \"Authority\": [\"Software Signing\", \"Apple Code Signing Certification Authority\", \"Apple Root CA\"]}}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"offset":38054,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1189641421\", \"Tapping Process Name\": \"/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"334\", \"Module\": \"Event Taps\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38296,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"596516649\", \"Tapping Process Name\": \"/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"315\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38588,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"1649760492\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.493Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":38772,"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"719885386\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"False\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:01:45.494Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"Tapped Process ID\": \"0\", \"eventTapID\": \"424238335\", \"Tapping Process Name\": \"/usr/sbin/universalaccessd\\n\", \"Enabled\": \"True\", \"Tapping Process ID\": \"290\", \"Module\": \"Event Taps\"}","source":"/tmp/pedros-Mac.local.json","offset":38955,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:01:45.494Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Module\": \"Bash History\", \"user\": \"pedro\", \"bash_commands\": [\"diskutil list\", \"cd \", \"sudo -i\", \"ls /var/log/\", \"cd /var/log/osquery/\", \"ls\", \"ls -la\", \"clear\", \"clear\", \"cd\", \"clear\", \"sudo -i\", \"/tmp/\", \"clear\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"sudo -i\", \"cd Downloads/\", \"ls\", \"clear\", \"ls\", \"cd filebeat-6.5.4-darwin-x86_64/\", \"ls\", \"nano filebeat\", \"nano filebeat.yml \", \"sudo -i\", \"\"]}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"}},"source":"/tmp/pedros-Mac.local.json","offset":39137} | |
| {"@timestamp":"2019-02-25T13:07:00.668Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"Hostname\": \"pedros-Mac.local\", \"users\": [\"daemon\", \"nobody\", \"pedro\", \"root\", \"\"], \"module\": \"Users\"}","source":"/tmp/pedros-Mac.local.json","offset":0,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":104,"message":"{\"Hostname\": \"pedros-Mac.local\", \"SIP Status\": \"enabled\", \"module\": \"System Intergrity Protection\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":204,"message":"{\"kernel\": \"18.2.0\", \"hostname\": \"pedros-Mac.local\", \"kernel_release\": \"xnu-4903.231.4~2/RELEASE_X86_64\", \"module\": \"System Info\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":335,"message":"{\"date\": \"2018-12-11T07:31:45\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":537,"message":"{\"date\": \"2018-12-11T07:44:31\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":1181,"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.macOSUpdCombo10.13.6Auto.RecoveryHDUpdate.17G65\", \"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"host":{"os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"name":"pedros-Mac.local","architecture":"x86_64"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:13:23\", \"packageIdentifiers\": [\"com.apple.pkg.iTunesX\", \"com.apple.pkg.iTunesAccess\", \"com.apple.pkg.CoreFP\", \"com.apple.pkg.CoreADI\", \"com.apple.pkg.MobileDevice\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"iTunes\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1442,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-11T08:21:34\", \"packageIdentifiers\": [\"com.apple.pkg.FirmwareUpdate\", \"com.apple.pkg.update.os.Combo10.13.6Auto.17G65\", \"com.apple.pkg.SecureBoot\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.update.fullbundleupdate.17G65\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS High Sierra 10.13.6 Update\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":1718,"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"name":"pedros-Mac.local","architecture":"x86_64"},"offset":2075,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.Safari12.0.2HighSierraAuto\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Safari\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2261,"message":"{\"date\": \"2018-12-11T11:06:24\", \"packageIdentifiers\": [\"com.apple.pkg.macOSBrain\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Security Update 2018-003\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64","name":"pedros-Mac.local"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"date\": \"2018-12-11T18:36:42\", \"packageIdentifiers\": [\"com.apple.pkg.InstallAssistantAuto\", \"com.apple.pkg.InstallESDDmg\", \"com.apple.pkg.RecoveryHDMetaDmg\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"macOS Mojave\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":2449,"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":2701,"message":"{\"date\": \"2018-12-11T19:01:35\", \"packageIdentifiers\": [\"com.apple.pkg.Core\", \"com.apple.pkg.EmbeddedOSFirmware\", \"com.apple.pkg.SecureBoot\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"SU_TITLE\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"version":"6.5.4","name":"pedros-Mac.local","hostname":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":2931,"message":"{\"date\": \"2018-12-13T10:15:59\", \"packageIdentifiers\": [\"com.apple.pkg.XProtectPlistConfigData.16U4040\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"XProtectPlistConfigData\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2018-12-13T10:16:01\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1642\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3139} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"offset":3350,"message":"{\"date\": \"2018-12-13T10:16:14\", \"packageIdentifiers\": [\"com.apple.pkg.TCCConfigData.16U1640\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"TCC Configuration Data\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":3547,"message":"{\"date\": \"2018-12-13T10:16:26\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4046\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","input":{"type":"log"},"prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"prospector":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":3735,"message":"{\"date\": \"2018-12-13T10:45:39\", \"packageIdentifiers\": [\"com.facebook.osquery\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"osquery-3.3.0\", \"module\": \"Install History\"}"} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}},"message":"{\"date\": \"2018-12-13T10:47:27\", \"packageIdentifiers\": [\"ch.roe.xnumon\", \"ch.roe.kext.xnumon\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"xnumon\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":3908,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"message":"{\"date\": \"2019-02-22T18:28:42\", \"packageIdentifiers\": [\"com.apple.pkg.GatekeeperConfigData.16U1679\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Gatekeeper Configuration Data\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4089,"prospector":{"type":"log"},"input":{"type":"log"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"platform":"darwin","version":"10.14.2","family":"darwin","build":"18C54"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"source":"/tmp/pedros-Mac.local.json","offset":4300,"message":"{\"date\": \"2019-02-22T18:28:54\", \"packageIdentifiers\": [\"com.parallels.pkg.guestostools.audio\", \"com.parallels.pkg.guestostools.video\", \"com.parallels.pkg.guestostools.tg\", \"com.parallels.pkg.guestostools.network\", \"com.parallels.pkg.guestostools.hosttime\", \"com.parallels.pkg.guestostools.sf\", \"com.parallels.pkg.guestostools.ts\", \"com.parallels.pkg.guestostools.ut\", \"com.parallels.pkg.guestostools.coherence\", \"com.parallels.pkg.guestostools.iagent\", \"com.parallels.pkg.guestostools.copypaste\", \"com.parallels.pkg.guestostools.dragdrop\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"Parallels Tools for Mac\", \"module\": \"Install History\"}","prospector":{"type":"log"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"}}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"beat":{"hostname":"pedros-Mac.local","version":"6.5.4","name":"pedros-Mac.local"},"host":{"name":"pedros-Mac.local","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"},"architecture":"x86_64"},"message":"{\"date\": \"2019-02-22T18:29:24\", \"packageIdentifiers\": [\"com.apple.pkg.MRTConfigData.16U4050\"], \"Hostname\": \"pedros-Mac.local\", \"displayName\": \"MRTConfigData\", \"module\": \"Install History\"}","source":"/tmp/pedros-Mac.local.json","offset":4944,"prospector":{"type":"log"},"input":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"architecture":"x86_64","os":{"family":"darwin","build":"18C54","platform":"darwin","version":"10.14.2"},"name":"pedros-Mac.local"},"source":"/tmp/pedros-Mac.local.json","offset":5132,"message":"{\"Hostname\": \"pedros-Mac.local\", \"module\": \"Gatekeeper Status\", \"Gatekeeper Status\": \"assessments enabled\\n\"}","input":{"type":"log"},"prospector":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"input":{"type":"log"},"beat":{"name":"pedros-Mac.local","hostname":"pedros-Mac.local","version":"6.5.4"},"host":{"name":"pedros-Mac.local","os":{"build":"18C54","platform":"darwin","version":"10.14.2","family":"darwin"},"architecture":"x86_64"},"source":"/tmp/pedros-Mac.local.json","offset":5242,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"}","prospector":{"type":"log"}} | |
| {"@timestamp":"2019-02-25T13:07:00.671Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.5.4","topic":"filebeat"},"host":{"name":"pedros-Mac.local","architecture":"x86_64","os":{"version":"10.14.2","family":"darwin","build":"18C54","platform":"darwin"}},"source":"/tmp/pedros-Mac.local.json","offset":5454,"message":"{\"Process Name\": \"apsd\", \"Process ID\": \"390\", \"User\": \"root\", \"module\": \"Established Connections\", \"Hostname\": \"pedros-Mac.local\", \"TCP/UDP\": \"TCP\", \"Connection Flow\": \"172.16.250.154:49172-\u003e17.249.172.94:5223\"} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment