Jasper's blog

Projects

OpenBSM Parser

A parser for the OpenBSM audit trail file format, written in Python and utilising Fox-IT’s Dissect.Cstruct. The parser acts similarly to OpenBSM’s praudit(1) and is able to parse all record types found in macOS & FreeBSD. The output of the parser is an XML file which can then be easily ingested into a SIEM such as Splunk or Elastic for easier querying. The parser can currently be found in the following places: Codeberg & Github.
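As an added illustration of the record layout such a parser has to walk (example code written for this page, not the project's own, and using the standard library's struct instead of Dissect.Cstruct): an OpenBSM record opens with a header32 token, carries a sequence of typed tokens, and closes with a trailer whose magic value and repeated length let a reader verify the record and resync after corruption. The sample record bytes and the event number are constructed, not captured from a real host, and only the text and return32 tokens are handled.

```python
import struct
import xml.etree.ElementTree as ET

AUT_TRAILER, AUT_HEADER32, AUT_RETURN32, AUT_TEXT = 0x13, 0x14, 0x27, 0x28  # bsm/audit_record.h
TRAILER_MAGIC = 0xB105
HEADER32 = ">BIBHHII"  # id, record length, version, event, modifier, seconds, msec (big-endian)


def parse_record(buf: bytes, offset: int = 0):
    """Parse one record starting at offset; return (record dict, offset of the next record)."""
    tok, length, version, event, modifier, secs, msec = struct.unpack_from(HEADER32, buf, offset)
    if tok != AUT_HEADER32:
        raise ValueError(f"expected header32 at {offset}, got token {tok:#x}")
    rec = {"version": version, "event": event, "modifier": modifier,
           "time": secs, "msec": msec, "tokens": []}
    end, pos = offset + length, offset + struct.calcsize(HEADER32)
    while pos < end:
        tid = buf[pos]
        if tid == AUT_RETURN32:  # errno byte followed by a 32-bit return value
            errno, retval = struct.unpack_from(">BI", buf, pos + 1)
            rec["tokens"].append(("return", {"errval": str(errno), "retval": str(retval)}, None))
            pos += 6
        elif tid == AUT_TEXT:  # 16-bit length (includes the NUL) followed by the string
            (n,) = struct.unpack_from(">H", buf, pos + 1)
            rec["tokens"].append(("text", {}, buf[pos + 3:pos + 3 + n].rstrip(b"\0").decode()))
            pos += 3 + n
        elif tid == AUT_TRAILER:  # magic plus repeated length; both must agree with the header
            magic, count = struct.unpack_from(">HI", buf, pos + 1)
            if magic != TRAILER_MAGIC or count != length:
                raise ValueError(f"corrupt trailer at {pos}")
            pos += 7
            break
        else:
            raise ValueError(f"unsupported token {tid:#x} at {pos}")
    if pos != end:
        raise ValueError("record length does not match header")
    return rec, end


def to_xml(rec) -> str:  # praudit-style XML, simplified attribute set
    root = ET.Element("record", {k: str(rec[k]) for k in ("version", "event", "modifier", "time", "msec")})
    for name, attrs, text in rec["tokens"]:
        ET.SubElement(root, name, attrs).text = text
    return ET.tostring(root, encoding="unicode")


def build_sample_record() -> bytes:
    """Constructed sample record (not captured from a real host): header, text, return, trailer."""
    text = b"login\0"
    body = struct.pack(">BH", AUT_TEXT, len(text)) + text + struct.pack(">BBI", AUT_RETURN32, 0, 0)
    length = struct.calcsize(HEADER32) + len(body) + 7
    header = struct.pack(HEADER32, AUT_HEADER32, length, 11, 45023, 0, 1700000000, 123)
    return header + body + struct.pack(">BHI", AUT_TRAILER, TRAILER_MAGIC, length)
```

Feeding the output of `build_sample_record()` to `parse_record` and then `to_xml` yields a single `<record>` element with `<text>` and `<return>` children; flipping a byte in the trailer makes `parse_record` raise rather than silently misalign on the following record.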