macOS Intrusion Detection
Watch for local security signals that deserve review.
MSAA helps identify suspicious activity, persistence, ports, local network changes, device activity, and remote access changes on authorized Macs.
Detection areas
Intrusion detection in MSAA is evidence-focused and local-first. Findings are review signals, not automatic proof of compromise.
- Persistence and LaunchAgent review
- LaunchDaemon monitoring
- Listening port and localhost review
- USB and Bluetooth changes
- Remote access and admin changes
- Baseline comparison over time
