Detecting new, previously unseen Mac malware requires a behavior-based approach. Here we first discuss an open-source monitoring framework that passively collects system events, then detail a rule-based system that leverages Apple’s game engine to apply detection rules to those collected events quickly and efficiently. The end result is a comprehensive, extensible platform for detection, response and threat hunting.
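The architecture sketched above, as an added example that is not code from the talk or from the framework it describes: a passive monitor hands each collected event to a rule engine, and the rules decide what is suspicious. This example assumes that "Apple's game engine" refers to GameplayKit and uses its GKRuleSystem, in which each GKRule is an NSPredicate evaluated against the rule system's state dictionary (so `$path` reads `state["path"]`), asserting a named fact with a numeric grade when it matches. The event structure, its field names, the three rules and the sample events are all constructed here for illustration and are not the talk's own rules.

```swift
import Foundation
import GameplayKit

// Constructed sample event: one process-execution record of the kind a
// passive monitor would emit. Field names are assumed for this example.
struct ProcessEvent {
    let path: String        // executable that was launched
    let isSigned: Bool      // whether the binary carries a valid code signature
    let parentPath: String  // executable of the parent process
    let args: [String]      // argument vector
}

// Build a GKRuleSystem holding hypothetical detection rules. A matching
// predicate asserts its fact; the grade is treated here as a suspicion score.
func makeRuleSystem() -> GKRuleSystem {
    let system = GKRuleSystem()

    // Unsigned code executing from a user-writable location.
    system.add(GKRule(
        predicate: NSPredicate(format:
            "$isSigned == NO AND ($path BEGINSWITH '/tmp/' OR $path BEGINSWITH '/Users/')"),
        assertingFact: "unsigned-from-writable-dir" as NSObject,
        grade: 0.6))

    // An interpreter spawned by an Office application (macro-style behaviour).
    system.add(GKRule(
        predicate: NSPredicate(format:
            "$parentPath BEGINSWITH '/Applications/Microsoft' AND " +
            "$path IN {'/bin/sh', '/bin/bash', '/bin/zsh', '/usr/bin/osascript'}"),
        assertingFact: "office-spawned-interpreter" as NSObject,
        grade: 0.9))

    // Command line that touches a LaunchAgents directory (persistence).
    system.add(GKRule(
        predicate: NSPredicate(format: "$cmdline CONTAINS 'LaunchAgents'"),
        assertingFact: "launchagent-persistence" as NSObject,
        grade: 0.7))

    return system
}

// Run one event through the rule system and return the asserted facts with
// their grades. reset() is called first so facts from the previous event
// do not leak into this evaluation.
func evaluate(_ event: ProcessEvent, with system: GKRuleSystem) -> [String: Float] {
    system.reset()
    system.state["path"] = event.path
    system.state["isSigned"] = event.isSigned
    system.state["parentPath"] = event.parentPath
    system.state["cmdline"] = event.args.joined(separator: " ")
    system.evaluate()

    var hits: [String: Float] = [:]
    for fact in system.facts {
        guard let name = fact as? String else { continue }
        hits[name] = system.grade(for: name as NSObject)
    }
    return hits
}

// Constructed events: one benign launch and two that should trip rules.
let events = [
    ProcessEvent(path: "/usr/bin/ls", isSigned: true,
                 parentPath: "/bin/zsh", args: ["ls", "-la"]),
    ProcessEvent(path: "/usr/bin/osascript", isSigned: true,
                 parentPath: "/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word",
                 args: ["osascript", "-e", "do shell script \"id\""]),
    ProcessEvent(path: "/Users/victim/Downloads/installer", isSigned: false,
                 parentPath: "/bin/sh",
                 args: ["installer", "--write", "/Users/victim/Library/LaunchAgents/com.example.plist"]),
]

let system = makeRuleSystem()
for event in events {
    let hits = evaluate(event, with: system)
    let score = hits.values.reduce(0, +)
    let verdict = score >= 0.9 ? "ALERT" : (hits.isEmpty ? "ok" : "review")
    print("\(verdict)\t\(event.path)\t\(hits)")
}
```

Because the rule system only reads a flat state dictionary, each event type (process, file, network) maps onto its own set of keys, and new rules are just additional predicates rather than new code, which is what makes the approach extensible. Grades are summed here for simplicity; a real deployment would weigh them per rule and per event type.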