EDR Onboarding for Mac

EDR onboarding is supported for Mac-based assets, expanding protection to macOS devices. You can onboard Intel-based and Apple Silicon (ARM) Macs through the standard onboarding workflow and deploy the EDR agent directly.

Once onboarded, EDR events, detections, and telemetry from Mac assets are fully integrated and visible in the EDR UI.

Mac Prerequisites for EDR

Ensure you meet the following requirements while onboarding Mac Cloud Agent for EDR 3.7.0 or for EDR.

Supported Operating Systems

The following table lists the supported operating systems for architecture ARM and Intel:

OS Distribution Code Name Qualys EPP
15.x Sequoia
14.x Sonoma

Mac Hardware Requirements

The following table lists the supported hardware requirements for architecture ARM and Intel:

Mac Cloud Agent Version CPU Memory Disk Space
6.1.0. (ARM) 8 Core Processor 8 GB of RAM 1024 MB
6.0.0 (Intel) 8 Core Processor 8 GB of RAM 1024 MB

Mac Software Requirements

The following are the software requirements for architecture ARM and Intel:

  • Root Access- Mac Agent requires sudo or root access. 
  • The system should be SIP [System Integrity Protection] enabled.
    You can check the SIP status using the Terminal command: csrutil status
    131808MBP15:~ root# csrutil status
    System Integrity Protection status: enabled

Installation Prerequisites

Ensure the following are enabled in the EDR Configuration Profile of the Cloud Agent application:

  • Enable Endpoint Detection and Response (EDR) for this profile
  • Enable Qualys Anti-malware Protection (EPP) for this profile