modules/

Package endpointsecurity provides telemetry modules that trigger Endpoint Security framework event types.

Package file provides telemetry modules for file system activity simulation, covering file creation and modification patterns that trigger EDR file events.

Package network provides telemetry modules for network activity simulation, covering TCP connections, listening sockets, HTTP beaconing, DNS resolution, and reverse shell patterns used for EDR and detection engineering validation.

Package plistmod provides telemetry modules for plist file creation and modification, generating file write events and defaults-system activity observed by EDR sensors.

Package process provides telemetry modules for process activity simulation, covering process spawning, dylib injection, and signal delivery patterns used by macOS malware and targeted attack tooling.

Package service provides telemetry modules for LaunchAgent and LaunchDaemon persistence simulation.

Package tcc provides telemetry modules for TCC (Transparency, Consent, and Control) permission probing.

Package xpc provides a telemetry module for XPC service enumeration via launchctl, generating IPC discovery activity observable by macOS security tooling.