From 6af6b6ee89164e267b58f2b4717ec6a5d3a22af2 Mon Sep 17 00:00:00 2001 From: Tom Burgin Date: Wed, 2 Oct 2024 15:42:51 -0400 Subject: [PATCH] update repo name --- docs/binaries/santad.md | 2 +- docs/concepts/events.md | 4 ++-- docs/concepts/rules.md | 2 +- docs/deployment/configuration.md | 4 ++-- docs/deployment/file-access-auth.md | 4 ++-- docs/deployment/getting-started.md | 10 +++++----- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/binaries/santad.md b/docs/binaries/santad.md index 26b8d3c..055e062 100644 --- a/docs/binaries/santad.md +++ b/docs/binaries/santad.md @@ -52,7 +52,7 @@ unique set of event streams. | ------ | ----------- | | syslog | Emits events as a human-readable, key/value pair string to the [Apple ULS](https://developer.apple.com/documentation/os/logging?language=objc) | | file | Similar output to `syslog`, but logs are sent to a file instead of the ULS | -| protobuf | Emits events with a rich set of data defined by the [santa.proto](https://github.com/google/santa/blob/main/Source/common/santa.proto) schema | +| protobuf | Emits events with a rich set of data defined by the [santa.proto](https://github.com/northpolesec/santa/blob/main/Source/common/santa.proto) schema | | json | Similar to `protobuf`, but the output is converted to JSON (Note: This is not a performant option and should only be used in targeted situations or when logging is expected to be minimal) | | null | Disables logging | diff --git a/docs/concepts/events.md b/docs/concepts/events.md index 755378d..d6eb27d 100644 --- a/docs/concepts/events.md +++ b/docs/concepts/events.md 
@@ -16,7 +16,7 @@ certificates and binaries before switching the fleet to Lockdown mode. ##### Event Data Events begin their life as an -[SNTStoredEvent](https://github.com/google/santa/blob/master/Source/common/SNTStoredEvent.h) +[SNTStoredEvent](https://github.com/northpolesec/santa/blob/master/Source/common/SNTStoredEvent.h) object. The SNTStoredEvent class is just a simple storage class that has properties for all the relevant bits of information. More importantly the class implements the @@ -27,7 +27,7 @@ events sqlite3 database on disk and sent over XPC to another process. Events are temporarily stored in a database until they are uploaded. The format is subject the change; accessing the events database directly will most likely break in future releases. If direct access to the events database is required, -raise a [issue on the Santa GitHub](https://github.com/google/santa/issues). +raise a [issue on the Santa GitHub](https://github.com/northpolesec/santa/issues). ###### JSON diff --git a/docs/concepts/rules.md b/docs/concepts/rules.md index e564ff7..2b1d355 100644 --- a/docs/concepts/rules.md +++ b/docs/concepts/rules.md @@ -107,7 +107,7 @@ To begin using transitive allowlisting, `EnableTransitiveRules` should be set to When a process is trying to execute, `santad` retrieves information on the binary, including a hash of the entire file, signing ID, the signing chain (if any), and the team ID. The collected info is then passed through the -[SNTPolicyProcessor](https://github.com/google/santa/blob/master/Source/santad/SNTPolicyProcessor.h). +[SNTPolicyProcessor](https://github.com/northpolesec/santa/blob/master/Source/santad/SNTPolicyProcessor.h). Rules (both ALLOW and BLOCK) are evaluated in the following order, from most specific to least specific: diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md index dad40e0..822d0a1 100644 --- a/docs/deployment/configuration.md +++ b/docs/deployment/configuration.md 
@@ -144,7 +144,7 @@ are sent via the sync server. Details on this structure are defined in the documentation. Additionally, the -[example configuration](https://github.com/google/santa/blob/d5195b55d2784776fa078096f59137d22da55b06/docs/deployment/com.northpolesec.santa.example.mobileconfig#L45) +[example configuration](https://github.com/northpolesec/santa/blob/main/docs/deployment/com.google.santa.example.mobileconfig#L45) has a demonstration on how to define static rules. ### Example Configuration Profile @@ -305,4 +305,4 @@ example when an app is launched from a directory considered private to a user. An example payload for this use case is provided [here](tcc.configuration-profile-policy.santa.example.mobileconfig) This would be used alongside a payload allowing [notifications](notificationsettings.santa.example.mobileconfig) to be sent, -and for allowing the [system extension](https://github.com/google/santa/blob/main/docs/deployment/system-extension-policy.santa.example.mobileconfig) to be loaded without end user interaction. +and for allowing the [system extension](https://github.com/northpolesec/santa/blob/main/docs/deployment/system-extension-policy.santa.example.mobileconfig) to be loaded without end user interaction. diff --git a/docs/deployment/file-access-auth.md b/docs/deployment/file-access-auth.md index 55448cd..6f1f1a2 100644 --- a/docs/deployment/file-access-auth.md +++ b/docs/deployment/file-access-auth.md 
@@ -195,8 +195,8 @@ When the `EventLogType` configuration key is set to `syslog` or `file`, an examp action=FILE_ACCESS|policy_version=v0.1-experimental|policy_name=UserFoo|path=/Users/local/tmp/foo/text.txt|access_type=OPEN|decision=AUDIT_ONLY|pid=12|ppid=56|process=cat|processpath=/bin/cat|uid=-2|user=nobody|gid=-1|group=nogroup|machineid=my_id ``` -When the `EventLogType` configuration key is set to `protobuf`, a log is emitted to match the `FileAccess` message in the [santa.proto](https://github.com/google/santa/blob/main/Source/common/santa.proto) schema. +When the `EventLogType` configuration key is set to `protobuf`, a log is emitted to match the `FileAccess` message in the [santa.proto](https://github.com/northpolesec/santa/blob/main/Source/common/santa.proto) schema. ### Default Mute Set -The EndpointSecurity framework maintains a set of paths dubbed the "default mute set" that are particularly difficult for ES clients to handle. Additionally, AUTH events from some of these paths have ES response deadline times set very low. In order to help increase stability of this feature, file accesses from binaries in the default mute set are not currently logged. A list of binaries that will not have operations logged can be found in [SNTRuleTable.m](https://github.com/google/santa/blob/2023.4/Source/santad/DataLayer/SNTRuleTable.m#L90-L105). This could be addressed in the future (see [Github Issue #1096](https://github.com/google/santa/issues/1096)). +The EndpointSecurity framework maintains a set of paths dubbed the "default mute set" that are particularly difficult for ES clients to handle. Additionally, AUTH events from some of these paths have ES response deadline times set very low. In order to help increase stability of this feature, file accesses from binaries in the default mute set are not currently logged. 
A list of binaries that will not have operations logged can be found in [SNTRuleTable.m](https://github.com/northpolesec/santa/blob/2023.4/Source/santad/DataLayer/SNTRuleTable.m#L90-L105). This could be addressed in the future (see [Github Issue #1096](https://github.com/northpolesec/santa/issues/1096)). diff --git a/docs/deployment/getting-started.md b/docs/deployment/getting-started.md index 107a1d6..d5efcce 100644 --- a/docs/deployment/getting-started.md +++ b/docs/deployment/getting-started.md 
@@ -12,15 +12,15 @@ This page shows you the process to get started with your deployment of Santa. 1. (Optional) Set up a [sync server](../introduction/syncing-overview.md). For a list of open-source sync servers, see [Sync Servers](sync-servers.md). Without a sync server, [`santactl`](../binaries/santactl.md) can configure rules locally. -1. Create and install your Santa configuration profile to customize your deployment of Santa. See [Configuration](configuration.md) for a reference list of the available options and an [example profile](https://github.com/google/santa/blob/main/docs/deployment/com.northpolesec.santa.example.mobileconfig). +1. Create and install your Santa configuration profile to customize your deployment of Santa. See [Configuration](configuration.md) for a reference list of the available options and an [example profile](https://github.com/northpolesec/santa/blob/main/docs/deployment/com.northpolesec.santa.example.mobileconfig). 1. Install the TCC and system extension configuration profiles: - - The TCC profile provides Santa the access it requires to read files anywhere on disk. See an [example TCC profile](https://github.com/google/santa/blob/main/docs/deployment/tcc.configuration-profile-policy.santa.example.mobileconfig). - - The system extension profile allows Santa to run without approval from the user. See an [example system extension profile](https://github.com/google/santa/blob/main/docs/deployment/system-extension-policy.santa.example.mobileconfig). + - The TCC profile provides Santa the access it requires to read files anywhere on disk. See an [example TCC profile](https://github.com/northpolesec/santa/blob/main/docs/deployment/tcc.configuration-profile-policy.santa.example.mobileconfig). + - The system extension profile allows Santa to run without approval from the user. See an [example system extension profile](https://github.com/northpolesec/santa/blob/main/docs/deployment/system-extension-policy.santa.example.mobileconfig). -1. 
(Optional) Customize and install the notification settings profile. This allows you to set up notifications to alert when Santa is switching [modes](../concepts/mode.md). See an [example notification settings profile](https://github.com/google/santa/blob/main/docs/deployment/notificationsettings.santa.example.mobileconfig). +1. (Optional) Customize and install the notification settings profile. This allows you to set up notifications to alert when Santa is switching [modes](../concepts/mode.md). See an [example notification settings profile](https://github.com/northpolesec/santa/blob/main/docs/deployment/notificationsettings.santa.example.mobileconfig). The notifications modified through this profile are different to the main Santa GUI pop-ups. To configure the [Santa GUI](../binaries/santa-gui.md) notifications, use the [configuration profile](configuration.md) (in step 2). -1. Install the latest Santa package from [GitHub](https://github.com/google/santa/releases) (where you can also find release notes). The package is distributed as a `PKG` wrapped inside a `DMG`, both of which are properly signed and can be validated. +1. Install the latest Santa package from [GitHub](https://github.com/northpolesec/santa/releases) (where you can also find release notes). The package is distributed as a `PKG` wrapped inside a `DMG`, both of which are properly signed and can be validated.
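Review bot: In docs/concepts/events.md (hunk at -16,7) the new SNTStoredEvent.h link still uses `blob/master`, as does the SNTPolicyProcessor.h link in docs/concepts/rules.md, while the santa.proto and mobileconfig links rewritten in this same patch use `blob/main`. Confirm that `master` resolves in northpolesec/santa, or move both links to `main` while the lines are being touched.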
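Review bot: Style nit in docs/concepts/events.md (hunk at -27,7): the changed line reads "raise a [issue on the Santa GitHub]", which should be "raise an [issue ...]", and the context line two above it says "subject the change" where "subject to change" is meant. Both can be fixed in this commit since the paragraph is already being edited.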
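Review bot: In docs/deployment/configuration.md (hunk at -144,7) the new example-configuration link names `com.google.santa.example.mobileconfig`, but the removed line and the getting-started.md links in this patch name `com.northpolesec.santa.example.mobileconfig`, so the filename appears to have been swapped in the wrong direction and the link probably will not resolve. The same line also moves from a pinned commit to `main` while keeping the `#L45` anchor, which will drift as the file changes; pin a commit in the new repository or drop the line anchor.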
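Review bot: In docs/deployment/file-access-auth.md (hunk at -195,8) the "Default Mute Set" paragraph now points at `northpolesec/santa/issues/1096` and `blob/2023.4/...SNTRuleTable.m#L90-L105`, both of which are identifiers from the original repository. Unless the issue tracker and the `2023.4` tag were carried over with the rename, #1096 will not be the same issue and the tagged source link will not resolve; verify both, and keep the original URL for the issue if it was not migrated.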
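Review bot: In docs/deployment/getting-started.md (hunk at -12,15) the final step changes where administrators download the package but leaves "both of which are properly signed and can be validated" without saying what a valid signature looks like. Since the download source is changing, this step should state the expected signing identity for the `DMG` and `PKG` (and say so explicitly if it differs from earlier releases), so that a deployment can check it rather than trust the URL.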