By examining recent exploits and malware attacks, we'll illustrate that macOS is a rather vulnerable and an ever more targeted OS. And unfortunately for Mac users, traditional signature-based approaches often fail to detect such threats. Instead a heuristic-based, behavioral approach is clearly needed. In this talk, we will discuss a new open-source monitoring framework which passively collects a myriad of system events. Building on top of this, we will then detail a predicate-based system that leverages Apple’s game (logic) engine to quickly and efficiently apply rules against these events. End result? A comprehensive detection, response and threat hunting platform.