Rules
Workshop provides comprehensive rule management for controlling system behavior across your organization. Rules define policies for execution control, file access authorization, and network flow authorization.
Rule Categories
Execution Rules
Control which binaries can execute on your systems. Execution rules use Santa's binary authorization capabilities to allow or block applications based on cryptographic signatures, certificates, and other identifiers.
Learn more about Execution Rules →
File Access Rules
Regulate which processes can read and write files on macOS systems. File Access rules provide fine-grained control over file system access, enabling monitoring, logging, and blocking of access attempts.
Learn more about File Access Rules →
Network Rules
Authorize, deny, or audit network connections on macOS hosts. Network rules match connections by local process, remote peer, and transport (ports, protocols, direction), using Santa's network extension. Requires the network extension tenant feature.
Learn more about Network Rules →
Rule Packs
Subscribe a tag to a curated set of rules maintained by North Pole Security. Each pack's rules are materialized into ordinary, editable Workshop rules and kept in sync as the pack is updated.