Skip to main content

Events

The Events interface provides visibility into events across your Santa-protected fleet. This feature lets administrators track, analyze, and respond to binary executions throughout your organization.

Overview

The Events interface displays information about each execution event:

  • Host Name: The name of the endpoint where the event occurred
  • File Name: The name of the executed binary
  • Decision: Whether the execution was allowed or blocked
  • Reason: The reason for the decision
  • Timestamp: When the execution attempt occurred

Event Details

Clicking on a file name in the events table opens a detailed view with additional information about the binary:

  • SHA-256: The cryptographic hash of the binary
  • CDHash: The code directory hash used by macOS for code signing verification
  • Team ID: The Apple Developer Team ID associated with the binary
  • Signing ID: The signing identity used to sign the binary
  • Entitlements: A list of entitlements granted to the binary
  • First Seen: When this binary was first observed in your environment