MacOS.Sigma.Triage artifact
This artifact compiles the macOS rules from SigmaHQ into a Velociraptor artifact using the macOS Sigma Base model. It currently covers process_creation rules only.
Base Artifact: MacOS.Sigma.BaseVQL
You can download the artifact pack here: MacOS-Sigma-Triage.zip. To customize it, follow the instructions at Customizing Artifacts.