Google Santa fields

Santa Module

santa fields

santa.action

type: keyword

example: EXEC

Action recorded by santad, for example EXEC, DISKAPPEAR or DISKDISAPPEAR.

santa.decision

type: keyword

example: ALLOW

Decision that santad took.

santa.reason

type: keyword

example: CERT

Reason for the decision (for example CERT when the rule matched the signing certificate).

santa.mode

type: keyword

example: M

Operating mode of Santa when the event was logged: M (monitor) or L (lockdown).

disk fields

Fields for DISKAPPEAR actions.

santa.disk.volume

The volume name.

santa.disk.bus

The disk bus protocol.

santa.disk.serial

The disk serial number.

santa.disk.bsdname

example: disk1s3

The disk BSD name.

santa.disk.model

example: APPLE SSD SM0512L

The disk model.

santa.disk.fs

example: apfs

The disk volume kind (filesystem type).

santa.disk.mount

The disk volume path.

certificate.common_name

type: keyword

Common name of the code signing certificate of the executable.

certificate.sha256

type: keyword

SHA256 hash of the code signing certificate of the executable.

hash.sha256

type: keyword

SHA256 hash of the process executable.
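The fields above are extracted from the key=value|key=value lines that santad writes to syslog. The following added example (not part of the original page or of the Filebeat module) parses such lines into a flat dict keyed by the documented field names and runs two checks a practitioner typically wants on Santa data: EXEC events denied while the host is in lockdown mode, and EXEC events whose path lies under a mount point reported by a DISKAPPEAR event on a USB bus. The log lines are constructed for this example; the santa.raw.* prefix used for keys the module does not document (pid, uid, path, args, ...) and the assumption that args is the last key in an EXEC line are choices of this example, not module behaviour.

```python
import re
from typing import Dict, List

# Constructed sample santad lines (not from the original page); hashes and paths are made up.
SAMPLE_LINES = [
    "Dec 19 10:06:42 mac santad[123]: action=EXEC|decision=ALLOW|reason=CERT|"
    "sha256=1f2e3d4c5b6a79880011223344556677889900aabbccddeeff00112233445566|"
    "cert_sha256=aa11bb22cc33dd44ee55ff66778899001122334455667788990011223344aabb|"
    "cert_cn=Software Signing|pid=4242|ppid=1|uid=501|user=alice|gid=20|group=staff|"
    "mode=M|path=/usr/bin/true|args=/usr/bin/true",
    "Dec 19 10:07:01 mac santad[123]: action=DISKAPPEAR|mount=/Volumes/Untitled|"
    "volume=Untitled|bsdname=disk2s1|fs=msdos|model=SanDisk Cruzer|serial=4C530001|"
    "bus=USB|dmgpath=|appearance=2024-12-19T10:07:01Z",
    "Dec 19 10:07:05 mac santad[123]: action=EXEC|decision=DENY|reason=UNKNOWN|"
    "sha256=99887766554433221100ffeeddccbbaa99887766554433221100ffeeddccbbaa|"
    "cert_sha256=|cert_cn=|pid=4300|ppid=4242|uid=501|user=alice|gid=20|group=staff|"
    "mode=L|path=/Volumes/Untitled/dropper|args=dropper --quiet",
]

# santad key -> documented field name (fields listed on this page).
FIELD_MAP = {
    "action": "santa.action",
    "decision": "santa.decision",
    "reason": "santa.reason",
    "mode": "santa.mode",
    "sha256": "hash.sha256",
    "cert_sha256": "certificate.sha256",
    "cert_cn": "certificate.common_name",
    "volume": "santa.disk.volume",
    "bus": "santa.disk.bus",
    "serial": "santa.disk.serial",
    "bsdname": "santa.disk.bsdname",
    "model": "santa.disk.model",
    "fs": "santa.disk.fs",
    "mount": "santa.disk.mount",
}

_SANTAD_RE = re.compile(r"santad\[(?P<pid>\d+)\]: (?P<body>.+)$")


def parse_santa_line(line: str) -> Dict[str, str]:
    """Parse one santad syslog line into a dict keyed by the documented field names.

    Keys the module does not document are kept under 'santa.raw.<key>'
    (a naming choice of this example, not a module field).
    """
    m = _SANTAD_RE.search(line)
    if not m:
        raise ValueError("not a santad log line: %r" % line)
    event: Dict[str, str] = {}
    parts = m.group("body").split("|")
    for i, part in enumerate(parts):
        key, sep, value = part.partition("=")
        if not sep:
            continue
        if key == "args":
            # Assumption of this example: args is the last key, so any later
            # '|' belongs to the argument string rather than to a new key.
            event["santa.raw.args"] = "|".join([value] + parts[i + 1:])
            break
        event[FIELD_MAP.get(key, "santa.raw." + key)] = value
    return event


def denied_in_lockdown(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """EXEC events that santad denied while running in lockdown mode (mode=L)."""
    return [
        e for e in events
        if e.get("santa.action") == "EXEC"
        and e.get("santa.decision") == "DENY"
        and e.get("santa.mode") == "L"
    ]


def execs_from_removable_media(events: List[Dict[str, str]], buses=("USB",)) -> List[Dict[str, str]]:
    """EXEC events whose path sits under a mount point from a DISKAPPEAR event on the given buses.

    Order of events is not considered; in a real pipeline you would also drop
    mounts once the matching DISKDISAPPEAR arrives.
    """
    mounts = [
        e["santa.disk.mount"].rstrip("/") + "/"
        for e in events
        if e.get("santa.action") == "DISKAPPEAR" and e.get("santa.disk.bus") in buses
    ]
    return [
        e for e in events
        if e.get("santa.action") == "EXEC"
        and any(e.get("santa.raw.path", "").startswith(m) for m in mounts)
    ]


if __name__ == "__main__":
    evs = [parse_santa_line(l) for l in SAMPLE_LINES]
    for hit in denied_in_lockdown(evs):
        print("denied in lockdown:", hit["santa.raw.path"], hit["hash.sha256"])
    for hit in execs_from_removable_media(evs):
        print("exec from removable media:", hit["santa.raw.path"])
```

Both checks operate only on the documented santa.*, hash.sha256 and certificate.* fields plus the raw path, so the same logic transfers directly to a query over the indexed events.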