Forum Discussion
Mac OS Logs
- Jun 17, 2020
arran1580 If you're using Intune (Endpoint Manager) to manage the Mac devices, you can do the following and then set up custom log ingestion into the Log Analytics workspace for Sentinel.
https://docs.microsoft.com/en-us/mem/intune/apps/macos-shell-scripts#collect-device-logs
You will still need to do some post-ingestion parsing, though.
arran1580
You could look at CMDReporter. When testing out multiple SIEMs, our Mac systems became a big sticking point based on how macOS now consolidates its logs into the Unified Logging system. CMDReporter was a cheap third-party tool that would parse the data out of the Unified Logging system and dump it to a JSON file to send to the respective log correlation system of your choosing. Seemed to be the best way forward for us.
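As an added example for the post-ingestion parsing step mentioned in both replies (this is not code from either poster, from Intune, or from CMDReporter), the Python below takes the JSON array that `log show --style json` writes on a Mac and flattens each event into one record with a UTC timestamp and a coarse severity, the shape a custom Log Analytics table would want. The unified-log field names (`timestamp`, `messageType`, `subsystem`, `category`, `processImagePath`, `processID`, `eventMessage`) and the timestamp layout are assumptions, and the sample input is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample of what `log show --style json` emits (two events).
# Field names follow the unified-logging JSON output as assumed here.
SAMPLE_LOG_JSON = """
[
  {"timestamp": "2020-06-17 09:15:02.123456-0700", "messageType": "Error",
   "subsystem": "com.apple.securityd", "category": "auth",
   "processImagePath": "/usr/sbin/securityd", "processID": 123,
   "eventMessage": "authorization failed for user alice"},
  {"timestamp": "2020-06-17 09:15:03.000000-0700", "messageType": "Default",
   "subsystem": "", "category": "",
   "processImagePath": "/usr/libexec/syspolicyd", "processID": 456,
   "eventMessage": "assessment allowed"}
]
"""

# Map unified-logging message types onto a coarse severity for the SIEM.
SEVERITY = {"Fault": "critical", "Error": "error", "Default": "info",
            "Info": "info", "Debug": "debug"}

def parse_timestamp(ts: str) -> str:
    # `log show` prints local time with a numeric UTC offset (assumed layout);
    # normalize to ISO-8601 UTC so events from different Macs sort correctly.
    dt = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f%z")
    return dt.astimezone(timezone.utc).isoformat()

def normalize_event(raw: dict) -> dict:
    """Flatten one unified-log event into the record shape sent to Log Analytics."""
    return {
        "TimeGenerated": parse_timestamp(raw["timestamp"]),
        "Severity": SEVERITY.get(raw.get("messageType", "Default"), "info"),
        "Subsystem": raw.get("subsystem") or "unknown",
        "Category": raw.get("category") or "unknown",
        "Process": raw.get("processImagePath", "").rsplit("/", 1)[-1],
        "ProcessId": raw.get("processID"),
        "Message": raw.get("eventMessage", ""),
    }

def normalize_log(json_text: str) -> list:
    """Parse the `log show --style json` array and return normalized records."""
    return [normalize_event(e) for e in json.loads(json_text)]

if __name__ == "__main__":
    # One JSON object per line is the form a custom-log ingestion pipeline can take as-is.
    for rec in normalize_log(SAMPLE_LOG_JSON):
        print(json.dumps(rec))
```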