Ability to detect macOS upgrade using Endpoint Security Events
Use case: Enable a more efficient and quick OS upgrade on Mac systems by detecting the OS upgrade.

Our observations: To understand how the OS upgrade works, we observed ES events during the upgrade (using eslogger) and found the following:

For OTA upgrade:
- nsurlsessiond starts downloading the UpdateBrainService to a temporary location
- nsurlsessiond also downloads the macOS update to the same temporary location
- the com.apple.StreamingUnzipService.privileged service unzips the update archive to the same temp folder
- mobileassetd later moves it to a permanent folder
- UpdateBrainService is started

For full installer upgrade:
- Processes from within the full installer app, such as InstallAssistant_springboard, InstallAssistant, osinstallersetupd, osisstashhelper, osishelperd_intel

Information needed:
- Confirm whether the above processes and events we are looking at are good enough, or if there are more significant events (file operations or process launches) that we can look at to more certainly detect the OS upgrade start. We want to understand the exact start point of the OS upgrade for the different methods (OTA, full installer, etc.) for both major and minor OS upgrades.
- Information on additional fields in the ES message which we could look at that make the processes involved in the OS upgrade unique, for example "signing_id".
Aug ’24
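The post lists process names seen in eslogger output and asks whether signing_id could make the match more robust. The following is an added example, not code from the post or from Apple: a small Python scanner over eslogger-style NDJSON that flags exec events for the processes the post names and, because a process name is trivially spoofable, only counts a hit when the target also reports an Apple platform-binary code signature. The JSON field layout (event.exec.target.executable.path, signing_id, is_platform_binary), the sample signing IDs and the sample records are all assumptions constructed for this example; whether the binaries inside a downloaded full-installer app report is_platform_binary the same way as system daemons is something to verify against real eslogger output before relying on that check.

```python
import json

# Processes the post reports seeing during an over-the-air (OTA) upgrade
# and during a full-installer upgrade. The mapping to an upgrade method is
# the post's observation, not Apple documentation.
OTA_PROCESSES = {
    "nsurlsessiond",
    "com.apple.StreamingUnzipService.privileged",
    "mobileassetd",
    "UpdateBrainService",
}
FULL_INSTALLER_PROCESSES = {
    "InstallAssistant_springboard",
    "InstallAssistant",
    "osinstallersetupd",
    "osisstashhelper",
    "osishelperd_intel",
}

# Assumed key under record["event"] for exec records; real eslogger output
# carries many more fields than the samples below use.
EXEC_EVENT = "exec"


def process_name(proc):
    """Basename of the executable path in an ES process record."""
    path = proc.get("executable", {}).get("path", "")
    return path.rsplit("/", 1)[-1]


def classify_record(record):
    """Return ('ota' | 'full_installer', name, signing_id) when the exec target
    is one of the upgrade processes AND carries an Apple platform-binary
    signature with a com.apple.* signing ID; otherwise None."""
    event = record.get("event", {})
    if EXEC_EVENT not in event:
        return None
    target = event[EXEC_EVENT].get("target", {})
    name = process_name(target)
    signing_id = target.get("signing_id", "")
    # Anyone can name a binary "InstallAssistant"; require the signing
    # identity as well so a lookalike in /tmp does not trigger a hit.
    if not (target.get("is_platform_binary") and signing_id.startswith("com.apple.")):
        return None
    if name in OTA_PROCESSES:
        return ("ota", name, signing_id)
    if name in FULL_INSTALLER_PROCESSES:
        return ("full_installer", name, signing_id)
    return None


def scan(lines):
    """Feed eslogger NDJSON lines; return the upgrade-related hits in order."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # a stream cut mid-record leaves a partial line; skip it
        hit = classify_record(record)
        if hit:
            hits.append(hit)
    return hits


def first_upgrade_start(lines):
    """Method and process of the first upgrade-related exec, or None."""
    hits = scan(lines)
    return (hits[0][0], hits[0][1]) if hits else None


# Constructed sample records (not captured output), reduced to the fields
# used above. Paths and signing IDs are illustrative assumptions.
SAMPLE_LINES = [
    json.dumps({"event": {"exec": {"target": {
        "executable": {"path": "/usr/libexec/nsurlsessiond"},
        "signing_id": "com.apple.nsurlsessiond", "is_platform_binary": True}}}}),
    # Lookalike binary with the right name but no Apple signature: must not match.
    json.dumps({"event": {"exec": {"target": {
        "executable": {"path": "/tmp/InstallAssistant"},
        "signing_id": "com.example.fake", "is_platform_binary": False}}}}),
    json.dumps({"event": {"exec": {"target": {
        "executable": {"path": "/Applications/Install macOS.app/Contents/MacOS/InstallAssistant"},
        "signing_id": "com.apple.InstallAssistant", "is_platform_binary": True}}}}),
    "{ truncated",  # simulates a partial line at the end of a capture
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

To use this against a live capture, pipe `sudo eslogger exec` into the script on stdin and call scan() on it; the set of names is only a starting point, and the open/create/rename events on the temporary download folder that the post describes would be the next fields to add once their exact layout has been confirmed from real output.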