IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Google Santa fields
editGoogle Santa fields
editSanta Module
santa
edit-
santa.action
-
Action
type: keyword
example: EXEC
-
santa.decision
-
Decision that santad took.
type: keyword
example: ALLOW
-
santa.reason
-
Reason for the decsision.
type: keyword
example: CERT
-
santa.mode
-
Operating mode of Santa.
type: keyword
example: M
disk
editFields for DISKAPPEAR actions.
-
santa.disk.volume
-
The volume name.
-
santa.disk.bus
-
The disk bus protocol.
-
santa.disk.serial
-
The disk serial number.
-
santa.disk.bsdname
-
The disk BSD name.
example: disk1s3
-
santa.disk.model
-
The disk model.
example: APPLE SSD SM0512L
-
santa.disk.fs
-
The disk volume kind (filesystem type).
example: apfs
-
santa.disk.mount
-
The disk volume path.
-
santa.certificate.common_name
-
Common name from code signing certificate.
type: keyword
-
santa.certificate.sha256
-
SHA256 hash of code signing certificate.
type: keyword