santa
santa copied to clipboard
santactl debug command for generating a dummy event
This came up when talking to @tburgin:
This is mostly for development purposes but it would be helpful to have a console command to "block" a given binary regardless of its whitelisting status. This primarily relevant for binaries signed with globally whitelisted certs which we'd like synced to the server (as opposed to creating it manually in the server).
I'm thinking it could either use an existing ALLOW_* type or something new like ALLOW_DUMMY.