Draft proto update for file access

2026-04-24 03:00:12 -04:00 · 2022-12-06 21:32:45 -05:00
parent 1046fab0a3
commit 5d7e9a9e03
1 changed files with 28 additions and 0 deletions
--- a/Source/common/santa.proto
+++ b/Source/common/santa.proto
@@ -464,6 +464,33 @@ message Allowlist {
  optional FileInfo target = 2;
 }

+message FileAccess {
+  optional ProcessInfo instigator = 1;
+  optional FileInfoLight watched_path = 2;
+  optional string policy_version = 3;
+  optional string policy_name = 4;
+
+  enum AccessType {
+    ACCESS_TYPE_UNKNOWN = 0;
+    ACCESS_TYPE_OPEN = 1;
+    ACCESS_TYPE_RENAME = 2;
+    ACCESS_TYPE_UNLINK = 3;
+    ACCESS_TYPE_LINK = 4;
+    ACCESS_TYPE_CLONE = 5;
+    ACCESS_TYPE_EXCHANGEDATA = 6;
+    ACCESS_TYPE_COPYFILE = 7;
+  }
+  optional AccessType access_type = 5;
+
+  enum Disposition {
+    DISPOSITION_UNKNOWN = 0;
+    DISPOSITION_DENIED_POLICY = 1;
+    DISPOSITION_DENIED_INVALID_SIGNATURE = 2;
+    DISPOSITION_ALLOWED_AUDIT_ONLY = 3;
+  }
+  optional Disposition disposition = 6;
+}
+
 // A message encapsulating a single event
 message SantaMessage {
  // Machine ID of the host emitting this log
@@ -489,6 +516,7 @@ message SantaMessage {
    Disk disk = 18;
    Bundle bundle = 19;
    Allowlist allowlist = 20;
+    FileAccess file_access = 21;
  };
 }