Change the uint64 fields in the syncv1.proto to uint32 to ensure backwards compatibility.
This also updates the SNTSyncEventUpload code to use the uint32 values and updates sync protocol docs.
* Improve default value handling for sync proto processing
* Fix capitalization of new enum values in comments
* Fix/add tests, update some docs
* Update more docs
* Lint
* Remove comment. Add LEGACY_NAMES tag for the linter
* Use new Apple docs link for global proxy settings constants
* Missed a file...
* WIP test workflow change
* WIP Fix link
* Remove trailing whitespace
* Responses to events about to exceed deadline should respect FailClosed
* Only respect FailClosed when in Lockdown mode. Update docs.
* FailClosed in Configurator now wraps checking client mode
* PR feedback
* Fix execution controller tests with new FailClosed logic
* WIP Clean syncs now leave non-transitive rules by default
* WIP Get existing tests compiling and passing
* Remove clean all sync server key. Basic tests.
* Add SNTConfiguratorTest, test deprecated key migration
* Revert changes to santactl status output
* Add new preflight response sync type key, lots of tests
* Rework configurator flow a bit so calls cannot be made out of order
* Comment clean sync states. Test all permutations.
* Update docs for new sync keys
* Doc updates as requested in PR
* Add missing config keys
* Use more consistent wording
* More consistent whitespace
* Reorder constants to appropriate section groups
* Update docs/deployment/configuration.md
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
* WIP add config support to filter logged entitlements
* Add EntitlementInfo proto message to store if entitlements were filtered
* Log cleanup
* Address PR feedback
* Address PR feedback
Update the syncing-overview.md document to note that FCM based push notifications are not currently available outside the internal Google deployment of Santa.
Update the configuration.md document to note that FCM based push notifications are not currently available outside the internal Google deployment of Santa.
Fields like pid, ppid, execution_time, current_sessions etc. are not supplied in Event uploads when the decision is BUNDLE_BINARY (i.e. Events generated by the bundle scanning service, rather than actual executions), so I have marked these as not required in the API definition.
Few other small formatting tidy-ups while I was there.
* Allow per-policy and per-rule FAA URL and button text
* Add format string support to the custom URL. Added SNTBlockMessageTest.
* Add event URL to TTY message.
* Allow rule specific policy to "clear" global to remove buttons for the rule
* Remove extra beta label for FAA
* Support new config (and sync config) option to override file access action.
* Adopt override action config in file access client
* Add sync service and file access client tests
* Require override action to be specific values. Add new sync setting to docs.
The logupload stage was referred to in this document but was removed in #331.
FYI this document also refers to santactl performing syncs, which I believe is now handled by santasyncservice, but I am not familiar enough with it to document, sorry.
Removes file_bundle_binary_count and file_bundle_hash from the Rule definition and examples
These were accidentally added to the Rule definition and examples, rather than to the Event section in #1130.
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
Added SigningID/TeamID to Event definition
Added SigningID and TeamID to the definition of Events in the EventUpload stage
Documented SigningID and TeamID in the definition of Events in the EventUpload stage
This allows a sync server to send a `custom_url` field along with a rule blocking execution and this will be used as the URL for the "open" button in place of the normally generated URL.