github northpolesec/santa 2025.2
v2025.2
on GitHub

one day ago

Notes

If you're migrating from Google Santa, please see the Migration Guide for details on how to upgrade.

Santa documentation can be found at northpole.dev.

Announcements

📣 Opt-In Stats Collection

Santa can now collect basic stats on an opt-in basis by setting the EnableStatsCollection configuration key to true. When enabled, some very limited, non-identifying information (such as Santa and macOS versions) is gathered and uploaded to North Pole Security. While not required, this information is extremely useful for us to understand more about our install base to inform the development of new features and drive support/deprecation decisions. For complete details about what is collected, see our Stats documentation.

Please consider opting in your organization to help us better maintain Santa for the whole community!

Fixed

❗ Operations violating audit-only FAA rules were being improperly cached and could potentially result in not all violations being logged.

Changed

↔️ Install receipts now forgotten on uninstallation (thanks @4rm)

Added

➕ Process-centric FAA rules are now in beta! Please see File Access Authorization docs for more details.
➕ Protobuf logs now include a boot session UUID to help correlate Santa telemetry emitted during a given boot cycle.
➕ New telemetry event type, Gatekeeper Override, for when a user manually overrides Gatekeeper settings to execute a binary.
➕ New configuration option to disable a user's ability to silence notifications.
santactl fileinfo now supports the --entitlements flag to display entitlements for the file.

What's Changed

  • Remove indirect Swift dependency in SNTBinaryMessageWindowView by @kubalaguna in #223
  • Fix missing comma in gui/BUILD by @russellhancox in #224
  • Include line to forget receipt by @4rm in #225
  • project: Add simple Makefile by @russellhancox in #229
  • gui: Add config to disable notification silences by @russellhancox in #228
  • Fix some lint by @russellhancox in #230
  • Add boot session uuid to proto event logs by @mlw in #234
  • Standardize encode/decode macros for NSSecureCoding by @mlw in #233
  • Print troubleshooting steps when santactl cannot connect to daemon by @mlw in #235
  • Add support for parsing new proc-based FAA rules by @mlw in #231
  • Better type representation in FAA, standardize type alias naming by @mlw in #236
  • Add support for Gatekeeper Override event by @mlw in #238
  • Initial infrastructure for Proc FAA client by @mlw in #237
  • Bump bazel version. Move hedron module to fork that fixes issues. by @mlw in #239
  • bump abseil version to 20250127 by @mlw in #240
  • Add serializations for Gatekeeper Override event by @mlw in #241
  • Add Polaris stats collection, with documentation by @russellhancox in #242
  • Proc FAA - hookup probe and proc policy iteration interfaces by @mlw in #244
  • project: Pull MOL* dependencies back in by @russellhancox in #243
  • Project: Fix most deprecation warnings by @russellhancox in #248
  • Project: Don't build Polaris in debug builds to shorten build time by @russellhancox in #249
  • Project: Remove allstar config by @russellhancox in #251
  • Fix nested designators. by @kubalaguna in #252
  • Fix indirect dependency on gtest by @kubalaguna in #254
  • project: Hide SecAsn1* deprecation warnings by @russellhancox in #255
  • sync: Add define to store all event upload requests by @russellhancox in #256
  • sync: Allow storing allll the sync stages by @russellhancox in #258
  • Proc FAA - Implement probe, begin watching/tracking processes by @mlw in #257
  • stats: Move to simple HTTP request (utilizing ConnectRPC) by @russellhancox in #260
  • Updated sync-protocol docs for northpole.dev by @pmarkowsky in #259
  • stats: Fix allocation of protobuf message. by @russellhancox in #262
  • move handling for path targets to the FAAPolicyProcessor by @mlw in #264
  • Add Contains method to PrefixTree by @mlw in #265
  • santactl/fileinfo: Add --entitlements flag and key. by @russellhancox in #263
  • Remove stat change detection metrics that are no longer necessary by @mlw in #269
  • Proc FAA initial impl by @mlw in #267
  • Fill in some fields in test code to address ASAN issue by @mlw in #268
  • Add proper retain/release tracking in more tests by @mlw in #270
  • PathTargets cleanup, check policy block params, test migration by @mlw in #272
  • Support invert Proc FAA rules and ES layer caching when possible by @mlw in #273
  • Update Link Pointer to Mobile Config by @Fgeronimo in #275
  • Update docs, add proc FAA beta messages, remove protobuf beta messages by @mlw in #276
  • Rename GK telemetry key name. Docs updates. by @mlw in #277
  • santactl/fileinfo: Handle missing entitlements, with better output by @russellhancox in #278
  • Fix ES layer cacheability issue in Data FAA and Proc FAA by @mlw in #279

New Contributors

Full Changelog: 2025.1...2025.2

Check out latest releases or
releases around northpolesec/santa 2025.2

Don't miss a new santa release

NewReleases is sending notifications on new releases.

Get notifications