Macos Net Discovery

Date: 2025-08-15 ID: e0c0d5e5-8c29-4db3-9d27-d42f31c552f5 Author: Jamie Windley Environment: vm Directory: macos_net_discovery

Description

Generated datasets for MacOS net discovery

MITRE ATT&CK Techniques

ID	Technique	Tactic
T1016	System Network Configuration Discovery	Discovery

Environment Details

Field	Value
Environment	vm
Directory	macos_net_discovery
Test Date	2025-08-15

Datasets

The following datasets were collected during this attack simulation:

Osquery:results

Path: /datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_list_firewall_rules.log
Sourcetype: osquery:results
Source: osquery:results

Osquery:results

Path: /datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_network_discovery.log
Sourcetype: osquery:results
Source: osquery:results

No specific detections currently use this attack data for testing. However, you can find related detections and analytics in our security content repository.

Usage Instructions

Replay with Splunk Attack Data

Replay attack data with replay.py from Splunk Attack Data.

1python replay.py --dataset /datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_list_firewall_rules.log --index attack_data

Manual Import

Download the dataset files from the paths listed above
Configure your Splunk instance with the appropriate sourcetypes
Import the logs using the Splunk Add Data wizard

Find more detections and analytics for this attack technique in our security content repository.

Source: GitHub | Version: 1.0

Macos Net Discovery

Description

MITRE ATT&CK Techniques

Environment Details

Datasets

Osquery:results

Osquery:results

Related Detections

Usage Instructions

Replay with Splunk Attack Data

Manual Import

Related Content