Apple Endpoint Security Log Analyzer

Timeline and process tree visualizer

Upload one or more Endpoint Security captures from eslogger or Mac Monitor (.json/.ndjson) and analyze them entirely in your browser. Files are processed locally on your device and are never uploaded to a backend.

Log captures

Select Endpoint Security logs

No files selected. Drag files here or click to browse.

Browse

Include sampled `write` events in timeline Max nodes in tree: 220

Waiting for files.

Filters And Export

Filter all views at once, then export the filtered timeline and rendered tree.

Event kind PID Path/args contains Signing/team contains Start time End time

No filters applied.

Event Mix

Most frequent event categories in the filtered data set.

Timeline Story

Chronological high-signal events to reconstruct process behavior.

Process Tree

Fork/exec lineage with arguments and code-signing metadata. Click a node for details.

Color by Render Tree by Root process Show file create/rename Lineage color