Open noahtalerman opened 7 months ago
Hey @slashnick! Would love to get your feedback on the below.
Is this accurate? Did we capture the right use cases?
- Rudolph is an open source Santa server
- Rudolph hasn't been updated to support new Santa rules:
  - Team ID rules. Developers (ex. Google) renew their certificates but it's still the same developer (team). I want to authorize software built by Google and I don't want to have to update my Santa rules every time Google renews their certs.
  - Signing ID rules. Similar to Team ID but at application level. For example, I want to authorize a specific Hamachi application and I don't want to have to update my Santa rules every time Hamachi releases a new version.
Pulled the issue description from a similar issue (treated as a duplicate) here: #1423
Explore possibilities for implementing Binary Authorization (aka "application whitelisting") on Fleet's supported platforms.
Implementing binary authorization can meaningfully improve security on managed computers, though it is known for creating a large burden on operators and users of devices due to restrictive configurations.
Hey @mikermcneil, heads up, we didn't have the space to take this on in the current design sprint (4.48).
Please feel free to bring it back to feature fest!
@Patagonia121 we discussed this during the last feature fest.
We decided not to work on drafts for this in the upcoming sprint (4.49)
Removing from feature fest.
@pintomi1989 we should probably try to bring this one back to the next FF
I think a killer feature Fleet could offer is a self-serve workflow for users to allow new binaries. The flow I'm picturing is:
santactl sync process as soon as the new rule is added, so the user doesn't have to wait 60 seconds for their device to sync
@noahtalerman @marko-lisica @zwass Many prospective customers are raising this capability. This company has added a full stand-alone module for managing Santa: https://docs.zentral.io/en/latest/apps/santa/
Thanks for the heads up @nonpunctual! And link to Zentral.