Application Whitelisting/Blacklisting
=====================================

Zercurity uses **Google Santa** to whitelist and blacklist your applications. Zercurity organises rules into rulesets. A ruleset is a collection of rules that can be applied to a collection of :doc:`/assets`.

Table view
----------

This table gives you an overview of all the rulesets defined within your company.

*The first two rulesets are defined by Zercurity. These two rulesets contain all the applications and certificates Zercurity has identified for your company.*

.. image:: _static/santa.png

* **Name** The name of the ruleset.
* **Description** A description of the ruleset.
* **Rules** The number of rules defined within this ruleset.
* **Created** When the ruleset was created.
* **Updated** When the ruleset was updated. Usually due to the ruleset name or description changing.
* **Actions** These are changes that can be applied to the ruleset.

  * **DELETE** Removes the ruleset. *Please note that rulesets are not deleted immediately. Rulesets will remain within the system for 30 days and are then deleted.*

Create ruleset
--------------

Rulesets can be created using the **Create Ruleset** button, which displays the following popup dialogue.

.. image:: _static/santa_create.png

Ruleset view
------------

When you've selected a ruleset you'll be able to see all of the rules that are defined within the collection. You can have as many rules as you like.

.. image:: _static/santa_rules.png

* **Type** The type of the rule. This will be either a CERT (the certificate used to sign applications) or a SHA256 (the hash of a given application binary).
* **Name** The name of your rule.
* **Decision** When the rule is triggered, either by a matching SHA256 or because the application was signed by the defined certificate, you can define what happens to the application that's trying to run:

  * **BLACKLIST** Block the application from running entirely and alert the user that the application was blocked from running. The user will be shown your custom message if one was defined in your rule.
  * **BLACKLIST SILENT** Block the application from running entirely without alerting the user. The application will exit silently.
  * **WHITELIST** Ensure that the application or binary runs.

* **Created** The date that the rule was created.
* **Actions** These are changes that can be applied to the rule.

  * **DELETE** Removes the rule. *Please note that rules are not deleted immediately. Rules will remain within the system for 30 days and are then deleted.*

Create rule
-----------

Once you've selected a ruleset, you can add rules by clicking the **Add Rule** button, which displays the following popup dialogue.

.. note:: When rules are created they take up to 2 minutes to propagate to
   your :doc:`/assets`. If you're in a rush you can run ``santactl sync``
   on the machine. You can also check the status of Google's Santa by
   running ``santactl status``.

.. image:: _static/santa_rule_create.png
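
The rule types and decisions described under Ruleset view can be modelled as a small matcher. This is an added example, not Zercurity's or Santa's own code: the ``Rule`` class, ``evaluate`` and ``describe`` are hypothetical names, the sample hashes are constructed, and it assumes Santa's behaviour of checking binary (SHA256) rules before certificate (CERT) rules.

```python
import hashlib
from dataclasses import dataclass

DECISIONS = {"WHITELIST", "BLACKLIST", "BLACKLIST SILENT"}


@dataclass(frozen=True)
class Rule:
    type: str          # "SHA256" (binary hash) or "CERT" (signing certificate)
    identifier: str    # lowercase hex SHA-256 of the binary or certificate
    decision: str
    name: str = ""
    message: str = ""  # custom message shown to the user on BLACKLIST

    def __post_init__(self):
        if self.type not in ("SHA256", "CERT") or self.decision not in DECISIONS:
            raise ValueError(f"unsupported rule: {self.type}/{self.decision}")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(rules, binary_sha256, cert_sha256=None):
    """Return the matching Rule, or None. A SHA256 rule wins over a CERT rule
    (assumed precedence, see lead-in); unsigned binaries pass cert_sha256=None."""
    for rule_type, ident in (("SHA256", binary_sha256), ("CERT", cert_sha256)):
        if ident is None:
            continue
        for rule in rules:
            if rule.type == rule_type and rule.identifier == ident.lower():
                return rule
    return None


def describe(rule):
    if rule is None:
        return "no rule matched"
    if rule.decision == "WHITELIST":
        return "allowed"
    if rule.decision == "BLACKLIST SILENT":
        return "blocked silently"
    return "blocked, user alerted" + (f": {rule.message}" if rule.message else "")


# Constructed sample data: byte strings stand in for a binary and a certificate.
TOOL = sha256_hex(b"constructed-binary-contents")
VENDOR_CERT = sha256_hex(b"constructed-signing-certificate")
RULESET = [
    Rule("CERT", VENDOR_CERT, "WHITELIST", name="Vendor certificate"),
    Rule("SHA256", TOOL, "BLACKLIST", name="Old tool", message="Use the new build"),
]
```

A whitelisted signing certificate does not override a blacklist rule on one specific binary hash, which is why the two rule types are worth combining in one ruleset.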