Update the syncing-overview.md document to note that FCM based push notifications are not currently available outside the internal Google deployment of Santa.
Update the configuration.md document to note that FCM based push notifications are not currently available outside the internal Google deployment of Santa
Fields like pid, ppid, execution_time, current_sessions etc. are not supplied in Event uploads when the decision is BUNDLE_BINARY (ie. Events generated by the bundle scanning service, rather than actual executions) so I have marked these as not required in the API definition.
Few other small formatting tidy-ups while I was there.
* Allow per-policy and per-rule FAA URL and button text
* Add format string support to the custom URL. Added SNTBlockMessageTest.
* Add event URL to TTY message.
* Allow rule specific policy to "clear" global to remove buttons for the rule
* Remove extra beta label for FAA
* Support new config (and sync config) option to override file access action.
* Adopt override action config in file access client
* Add sync service and file access client tests
* Require override action to be specific values. Add new sync setting to docs.
The logupload stage was referred to in this document but was removed in #331.
FYI this document also refers to santactl performing syncs, which I believe is now handled by santasyncservice, but I am not familiar enough with it to document sorry.
Removes file_bundle_binary_count and file_bunde_hash from the Rule definition and examples
These were accidentally added to the Rule definition and examples, rather than to the Event section in #1130.
Co-authored-by: Pete Markowsky <pmarkowsky@users.noreply.github.com>
Added SigningID/TeamID to Event definition
Added SigningID and TeamID to the definition of Events in the EventUpload stage
Documented SigningID and TeamID in the definition of Events in the EventUpload stage
This allows a sync server to send a `custom_url` field along with a rule blocking execution and this will be used as the URL for the "open" button in place of the normally generated URL.
Make the sync client content encoding a tunable.
This makes the sync client's content encoding a tunable so that it can be
compatible with more sync servers.
Removed the "backwards compatibility" config option.
---------
Co-authored-by: Russell Hancox <russellhancox@users.noreply.github.com>
* Move santa_action_t to SNTCommonEnums and rename to SNTAction
* Move likely and unlikely macros to a new BranchPrediction header
* Remove SNTCommon.h. Move SantaVnode to its own header.
* Add SantaVnodeHash
* Fix build deps
* Spool writer and santactl command to print proto file
* Make valid JSON for multiple paths. Can now create proto/spool logger. Updated logger tests.
* Make fsspool writer and fsspool log batch writer injectable
* Add spool writer tests
* Updated help text for santactl printlog
* Include file cleanup
* Fix dispatch source destruction
* Change config keys for the new Spool writer
* Spool settings now configurable
* Fix param order
* Remove some test sleeps related to control flow
