Audit Viewer Downloads

Below are a number of data sets to practice with.

NOTE: If a BSM file remains compressed after downloading (its name will end with ".gz" and the document icon will show a zipper), just double-click the compressed file to uncompress it.

BSM with PS Data

The following BSM file and PS data show how the two data sets can be combined to reveal even more information. If you look at just the BSM audit data (open with File > Read BSM File...), many of the processes are unnamed. If you then open the corresponding PS file (open with File > Use PS File...), you can see what many of the unnamed processes are. For more information on getting PS Log files to use with Audit Viewer, see PS Logger.

BSM file: 20140312164355.20140312164636

PS Log file: ps.20140312164355.nsqps

Snow Leopard Advanced Persistent Threat Malware Data

Audit Viewer can read BSM files from Snow Leopard through Mavericks (and hopefully future OS X releases). This data set is an old Snow Leopard data set used to test Audit Explorer.

BSM file: apt.bsm