In this blog post, we’ll look at an example of a typical targeted attack using OS X malware and show how to hunt for it in CrowdStrike’s Falcon Host Endpoint Activity Monitoring (EAM) application. One of the most distinctive features of this solution is that we don’t need to waste time or impact system performance by running any type of incident response script on the host. Using EAM eliminates the extra work of tracking down a computer, making sure it is on, dealing with possible network issues, and waiting for gigabytes of data to transfer back for analysis. The data is collected transparently and continuously, and it is always available for immediate search and analysis. We like to call this Instant Response.