I have not done much testing with the MAC client, however, I did get it to function with a generic application template:
Executable Directory > Contains > "/Applications "
So it should essentially trigger on any application accessing my generic classification.
In my example it generated an incident when opening a text file with the OSX TextEdit application. In the incident details if you click on the "Source Application" hyperlink it will give you the rest of the variables that you can use to make the application rule more granular:
Edit: Corrected definition syntax.
Thank you. I was able to create a rule for Microsoft Outlook on Macintosh. But it seems strange that some of these rules don't have any exception conditions to help tune the rule.