
Engine - System macOS integration

Open JcabreraC opened this issue 1 year ago • 0 comments

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 5.0.0 | Engine | Manager | Packages/Sources | OS version |

This issue proposes an enhancement to the Wazuh engine that expands its ruleset and improves the overall user experience: adding system macOS to the engine's list of supported integrations.

To ensure compatibility and interoperability, this system macOS integration should adhere to the Elastic Common Schema (ECS) in all its fields. By following ECS guidelines, we can maintain consistency and facilitate seamless data management across different systems.

As part of this integration, we must track and report the number of fields successfully extracted from system macOS, as well as those that could not be extracted, along with the reasons for their exclusion. This information will assist users in understanding the data availability and any potential limitations they may encounter.

We aim to achieve the following objectives:

  1. Expanded Ruleset: Increase the coverage of rules within the Wazuh engine, enabling more comprehensive security monitoring and threat detection capabilities.
  2. Improved User Experience: Provide users with a seamless and user-friendly experience when utilizing Wazuh's system macOS integration, making it easier to extract and analyze relevant data.
  3. ECS Compliance: Ensure that all fields within the system macOS integration align with the Elastic Common Schema, promoting interoperability and simplifying data management.

Task List:

  • [ ] Obtain a list and a pre-analysis of the possible event types with the default configuration.
  • [ ] Create a decoder to extract the useful fields of each event type.
  • [ ] Analyze the fields that can be extracted but have no clear destination in ECS.
  • [ ] Analyze the fields that cannot be extracted (parsed).
  • [ ] Generate end-to-end events and check the Filebeat logs to rule out errors.
  • [ ] Add tests and expected outputs for all event types.
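The decoder and the extraction report the task list asks for, sketched as an added example that is not Wazuh's own engine decoder or ruleset. It assumes the traditional syslog-style layout of macOS /var/log/system.log, uses constructed sample lines, and maps them to ECS fields while counting which fields were extracted and why the others were not.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the issue) in the assumed system.log layout:
# "Mon DD HH:MM:SS host process[pid]: message"; the [pid] suffix is optional.
SAMPLE_LINES = [
    "Jun 14 09:06:12 mac-host loginwindow[123]: USER_PROCESS: 123 console",
    "Jun 14 09:06:13 mac-host kernel[0]: hibernate image path: /var/vm/sleepimage",
    "Jun 14 09:06:14 mac-host syslogd: ASL Sender Statistics",
]

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# ECS fields this integration would like to fill but the format never carries.
NOT_EXTRACTABLE = {
    "user.name": "no user field in system.log lines",
    "event.outcome": "format has no success/failure marker",
}

def to_ecs(line, year=2023):
    """Parse one line into flat ECS field names; None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # The line has no year, so one must be supplied (assumed, e.g. from config).
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    ecs = {
        "@timestamp": ts.isoformat(),
        "host.name": m["host"],
        "process.name": m["proc"],
        "message": m["msg"],
        "event.dataset": "system.syslog",  # assumed dataset name
    }
    if m["pid"] is not None:
        ecs["process.pid"] = int(m["pid"])
    return ecs

def coverage_report(lines):
    """Count parsed lines and per-field extraction, with reasons for gaps."""
    extracted, unparsed = {}, 0
    for line in lines:
        ecs = to_ecs(line)
        if ecs is None:
            unparsed += 1
            continue
        for field in ecs:
            extracted[field] = extracted.get(field, 0) + 1
    parsed = len(lines) - unparsed
    reasons = dict(NOT_EXTRACTABLE)
    if extracted.get("process.pid", 0) < parsed:
        reasons["process.pid"] = "absent on lines without a [pid] suffix"
    reasons["@timestamp"] = "year not in the line; supplied by configuration"
    return {"parsed": parsed, "unparsed": unparsed, "extracted": extracted, "reasons": reasons}
```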

JcabreraC, Jun 14 '23 09:06