The sensor type is the type of event the analytic is configured to monitor on a Mac computer. The following event types can be monitored:
- File Events (GPFSEvent) —
Monitors files that are written, edited, or deleted from computers or mounted volumes.
- Process Events (GPProcessEvent) —
Monitors processes that are launched or terminated on computers.
- Synthetic Click Events (GPSyntheticClickEvent) —
Monitors programmatic mouse clicks used to dismiss notifications, approve actions, or interact with user prompts.
- Screenshot Events (GPScreenshotEvent) —
Monitors a user's screenshot activity on computers, the path of the resulting screenshot, and the file metadata associated with the screenshot.
- USB Events (GPUSBEvent) —
Monitors USB devices inserted into computers.
- Download Events (GPDownloadEvents) —
Monitors files downloaded from the internet.
- Malware Removal Tool (MRT) Events —
Monitors actions and logs from Malware Removal Tool (MRT), Apple's built-in application responsible for removing targeted files from macOS.
- Gatekeeper Events —
Monitors actions and logs from Gatekeeper, Apple's built-in feature for enforcing code signing and verifying downloaded apps before opening them.
- Keylog Register Events —
Monitors for new "event tap" registrations via the Core Graphics framework on macOS. Core Graphic event taps are often used by certain types of keylogging and accessibility software.