Last active
May 15, 2026 02:57
-
-
Save arubdesu/9f315ef1ad1fcfb2e93ea3b1370beba1 to your computer and use it in GitHub Desktop.
Santa allowlist (common, mostly-trusted teamIDs) to cut down on ~95% excess/superfluous events so they don't need to be shipped off clients/transited server-side
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // TEAMID allowlist entries derived from the top ~40 or well-known, Santa-related events | |
| // One resource per unique team ID; org name (and any note from the review) carried in description. | |
| // Ordered alphabetically by org name. | |
| resource "zentral_santa_rule" "allow-adobe" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Adobe Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "JQ525L2MZD" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-anthropic" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Anthropic PBC as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "Q6L2SF6YDW" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-azul-systems" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Azul Systems, Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "TDTHCUPYFR" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-brave" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Brave Software, Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "KL8N8XSYF4" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-browser-company-arc" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow The Browser Company of New York Inc. as publisher (Arc, etc browser)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "S6N382Y83G" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-cloudflare" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Cloudflare Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "68WVV388M8" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-csiro" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Commonwealth Scientific and Industrial Research Organisation as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "PWA5E9TQ59" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-crowdstrike" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow CrowdStrike Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "X9E956P446" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-docker" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Docker Inc as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "9BNSXJN65R" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-google" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Google LLC as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "EQHXZ8M8AV" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-graham-gilbert-crypt" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Graham Gilbert as publisher (crypt/FDE)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "9D8XP85393" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-grammarly" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Grammarly, Inc as publisher (for now...)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "W8F64X92K3" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-hashicorp" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Hashicorp, Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "D38WU7D763" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-hilary-stout-cursor" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Hilary Stout as publisher (cursor IDE)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "VDXQ22DGB9" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-jetbrains" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow JetBrains s.r.o. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "2ZEFAR8TH3" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-logitech" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Logitech Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "QED4VVPZWA" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-loom" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Loom, Inc as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "QGD2ZPXZZG" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-macadmins-open-source" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Mac Admins Open Source as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "T4SK8ZXCXG" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-microsoft" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Microsoft Corporation as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "UBF8T346G9" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-mozilla" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Mozilla Corporation as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "43AQ936H96" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-okta" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Okta, Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "B7F62B65BN" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-openai" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow OpenAI OpCo, LLC as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "2DC432GLL2" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-orbital-labs" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Orbital Labs, LLC (U.S.) as publisher (OrbStack)" | |
| policy = "ALLOWLIST" | |
| target_identifier = "HUAQ24HBR6" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-osquery" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow OSQUERY A Series of LF Projects, LLC as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "3522FA9PXF" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-papercut" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow PaperCut Software International Pty Ltd as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "B5N3YV5P2H" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-perplexity-comet" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Perplexity AI Inc. as publisher (comet browser etc)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "7S8W4W365S" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-python-software-foundation" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Python Software Foundation as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "BMM5U3QVKW" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-slack" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow SLACK TECHNOLOGIES L.L.C. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "BQR82RBBHL" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-smileonmymac-textexpander" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow SmileOnMyMac, LLC as publisher (textexpander)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "7PKJ6G4DXL" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-spotify" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Spotify as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "2FNC3A47ZF" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-stacklok-toolhive" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Stacklok, Inc as publisher (toolhive)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "XMNPBXU9PV" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-techsmith-camtasia" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow TechSmith Corporation as publisher (camtasia, etc)." | |
| policy = "ALLOWLIST" | |
| target_identifier = "7TQL462TU8" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-zoom" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Zoom Video Communications, Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "BJ4HAAB9B3" | |
| target_type = "TEAMID" | |
| } | |
| ## And the Apple's | |
| resource "zentral_santa_rule" "allow-apple-243LU875E5" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Apple Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "243LU875E5" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-apple-57T9237FN3" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Apple Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "57T9237FN3" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-apple-5A4RE8SF68" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Apple Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "5A4RE8SF68" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-apple-74J34U3R6X" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Apple Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "74J34U3R6X" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-apple-K36BKF7T3D" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Apple Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "K36BKF7T3D" | |
| target_type = "TEAMID" | |
| } | |
| resource "zentral_santa_rule" "allow-apple-VUTU7AKEUR" { | |
| configuration_id = zentral_santa_configuration.default.id | |
| description = "Allow Apple Inc. as publisher." | |
| policy = "ALLOWLIST" | |
| target_identifier = "VUTU7AKEUR" | |
| target_type = "TEAMID" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment