Process Based FAA #124
Labels
enhancement
New feature or request
file access authorization
Issues related to file access authorization
Milestone
Comments
pmarkowsky
added
enhancement
This was referenced Feb 4, 2025
mlw
added a commit
that referenced
this issue
Feb 5, 2025
This PR lays the foundation for the new Proc FAA client and sets up some of the required interfaces between it and the Authorizer client and the WatchItems class. It also implements newly required ES API interfaces. None of this new code is yet hooked up to the rest of Santa - no new client will be created yet at runtime. Part of: #124
This was referenced Feb 21, 2025
Merged
mlw
added a commit
that referenced
this issue
Feb 21, 2025
This change mostly moves tests from the Data FAA client to the new FAAPolicyProcessor, along with some cleanup to work in the new class. Other minor changes include changing the signature of `CheckIfPolicyMatchesBlock` to prepare for allowing inverted Proc FAA rules and removing and migrating away from the `PopulatePathTargets` to the new, simpler, `PathTargets` interface. Part of: #124
This was referenced Feb 28, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In some scenarios what you actually want to control is what a process can and cannot open. You want to know exactly which files a specific process interacted with e.g. every file that tar or zip touched.
This issue is to extend FAA to cover those scenarios.
The text was updated successfully, but these errors were encountered: