Ruleset rules

When you’ve selected a Ruleset you’ll be able to see all of the rules that are defined within the collection. You can have as many rules as you like.

../_images/santa_rules.png
  • Type The type of the rule. This will either be a; CERT (Certificate) used to sign applications. Or a SHA256 which will be the hash of a given application (binary).
  • Name The name of your rule.
  • Decision In the event the rule is triggered either by the matching SHA256 or that the application was signed by the defined certificate. You can define what happens to the application that’s trying to run:
    • BLACKLIST Block the application from running entirely and alert the user that the application was blocked from running. The user will be shown your custom message if one was defined in your rule.
    • BLACKLIST SILENT Block the application from running entirely without altering the user. The application will exit silently.
    • WHITELIST Ensure that the application or binary runs.
  • Created The date that the rule was created.
  • Actions These are changes that can be applied to the rule.
    • DELETE Removes the rule. Please note that rules are not deleted immediately. Rules will remain within the system for 30 days and are then deleted thereafter.