The Endpoint Security Framework includes process arguments as es_exec_arg which can be extracted as shown here (Objective-C). It would be very helpful to include these process arguments in the sinter log to start with, and potentially use them in decisions in the future (i.e. sudo processA is allowed but sudo processB is not). This would also help get sinter up to par with Santa, which logs process arguments.
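A sketch of the extraction and logging requested above, added here as an example; it is not sinter's code and not the snippet the issue links to. `ExecArguments` and `ExecLogLine` are hypothetical helper names, and the JSON field names are assumptions; the `es_*` calls and types come from Apple's EndpointSecurity headers.

```objective-c
#import <Foundation/Foundation.h>
#import <EndpointSecurity/EndpointSecurity.h>

// Convert a length-delimited ES token to a string. Tokens are not guaranteed
// to be NUL-terminated, and argv bytes are chosen by the launching process,
// so they may not be valid UTF-8; fall back to base64 instead of dropping them.
static NSString *TokenString(es_string_token_t tok) {
    if (tok.data == NULL || tok.length == 0) {
        return @"";
    }
    NSString *s = [[NSString alloc] initWithBytes:tok.data
                                           length:tok.length
                                         encoding:NSUTF8StringEncoding];
    if (s != nil) {
        return s;
    }
    NSData *raw = [NSData dataWithBytes:tok.data length:tok.length];
    return [@"base64:" stringByAppendingString:[raw base64EncodedStringWithOptions:0]];
}

// Hypothetical helper: collect argv for an AUTH_EXEC or NOTIFY_EXEC message.
// Must be called while the message is still valid (inside the handler block).
static NSArray<NSString *> *ExecArguments(const es_message_t *msg) {
    if (msg->event_type != ES_EVENT_TYPE_AUTH_EXEC &&
        msg->event_type != ES_EVENT_TYPE_NOTIFY_EXEC) {
        return @[];
    }
    const es_event_exec_t *exec = &msg->event.exec;
    uint32_t count = es_exec_arg_count(exec);
    NSMutableArray<NSString *> *args = [NSMutableArray arrayWithCapacity:count];
    for (uint32_t i = 0; i < count; i++) {
        [args addObject:TokenString(es_exec_arg(exec, i))];
    }
    return args;
}

// Hypothetical helper: one JSON log line with the target path and its argv.
// The "path" and "args" keys are assumed names, not sinter's log schema.
static NSString *ExecLogLine(const es_message_t *msg) {
    NSArray<NSString *> *args = ExecArguments(msg);
    if (args.count == 0 && msg->event_type != ES_EVENT_TYPE_AUTH_EXEC &&
        msg->event_type != ES_EVENT_TYPE_NOTIFY_EXEC) {
        return nil; // not an exec event
    }
    NSString *path = TokenString(msg->event.exec.target->executable->path);
    NSData *json = [NSJSONSerialization dataWithJSONObject:@{@"path": path, @"args": args}
                                                   options:0
                                                     error:NULL];
    return json ? [[NSString alloc] initWithData:json encoding:NSUTF8StringEncoding] : nil;
}
```

Serializing through `NSJSONSerialization` keeps quotes and newlines embedded in arguments from breaking or forging log lines.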