10.14 will add identity tokens to audit records. They seem to carry code signing information of the binary which caused the audit event.
identity,0,com.apple.airport.airportd,complete,,complete,0x9003b5ecb83f531df993b3a68d34cde808b38381
Needs some testing, but probably we can make use of this in xnumon.
10.14 will add identity tokens to audit records. They seem to carry code signing information of the binary which caused the audit event.
Needs some testing, but probably we can make use of this in xnumon.