v2023.6
Notes
❗ The FileChangesRegex configuration key has inadvertently been ignored since 2022.9. This functionality has been added back in this release. This may cause some expected changes to logging if this configuration isn't properly set for your use cases.
❗ Team ID and Signing ID rules will now only be considered when evaluating an execution if the code signature for a binary is valid.
❗ The SyncEnableCleanSyncEventUpload configuration key wasn't being properly read. This would prevent event uploads during a sync when a clean sync was requested by the server.
➕ Beta support has been added for JSON logging. Setting the EventLogType configuration key to json will cause the data in the santa.proto schema to be logged as JSON instead of binary protobuf. It is important to note that encoding to JSON will incur a performance penalty and deployments should appropriately measure cost to endpoints to ensure it is acceptable.
What's Changed
- Fix missing check for FileChangesRegex by @mlw in #1102
- Update docs for signing id rules by @mlw in #1105
- Migrate to new SNTRuleType enum values by @mlw in #1107
- Abstract TTY writing so multiple writers can be synchronized by @mlw in #1108
- Basic dialog functionality when access to a watch item is denied by @mlw in #1106
- Fix build issues due to macOS 13.3 SDK changes by @mlw in #1110
- Add Support for Logging to JSON (beta feature) by @pmarkowsky in #1112
- Add macOS 13 to the test matrix by @pmarkowsky in #1113
- Conf: Update notarization_tool in signing script by @russellhancox in #1116
- Fix memleak in fsspool by @kallsyms in #1115
- Use angle brackets for includes by @mlw in #1118
- Add include for proto status stub by @mlw in #1119
- Fix rule evaluation for TeamID and SigningID rules when encountering invalid signatures by @pmarkowsky in #1120
- Fix check to detect changes to StaticRules by @mlw in #1121
- Fix issue with invalid lengths by @mlw in #1122
- Add kSyncEnableCleanSyncEventUpload to the _forcedConfigKeyTypes dict by @pmarkowsky in #1123
Full Changelog: 2023.5...2023.6