uberAgent-eventdata-filter-vastlimits-macOS.conf

The following is the uberAgent-eventdata-filter-vastlimits-macOS.conf configuration file that ships with uberAgent. It contains eventdata filter rules for macOS curated by vast limits.

[EventDataFilter]
# Deny any DNS event caused by browsers.
Action = deny
Sourcetype = Process:DnsQuery
Query = ProcName in ["Google Chrome", "Google Chrome Helper", "Microsoft Edge", "Microsoft Edge Helper", "Safari", "com.apple.Safari.SafeBrowsing.Service", "com.apple.WebKit.Networking", "com.apple.Safari.SearchHelper", "firefox"]

[EventDataFilter]
# Deny any DNS event caused by uberAgent because it performs reverse lookups to assign IP addresses to hostnames.
Action = deny
Sourcetype = Process:DnsQuery
Query = ProcName == "uberAgent"

[EventDataFilter]
# Exclude processes whose name is exactly one of the given names.
Action = deny
Sourcetype = Process:ProcessStartup
Query = ProcName in ["AppleQEMUGuestAgent", "mdworker_shared", "sleep"]
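
To see which events these rules remove from collection, the following added example (not part of uberAgent or of the shipped file) evaluates the three stanzas above against constructed sample events. The helper names `parse_rules`, `matches` and `is_denied` are hypothetical. It assumes only the two query forms used on this page, exact case-sensitive string comparison, and that an event is dropped when any deny rule for its sourcetype matches.

```python
import json
import re

# Rules copied from the page (comments omitted) so the example runs offline.
CONF = """
[EventDataFilter]
Action = deny
Sourcetype = Process:DnsQuery
Query = ProcName in ["Google Chrome", "Google Chrome Helper", "Microsoft Edge", "Microsoft Edge Helper", "Safari", "com.apple.Safari.SafeBrowsing.Service", "com.apple.WebKit.Networking", "com.apple.Safari.SearchHelper", "firefox"]
[EventDataFilter]
Action = deny
Sourcetype = Process:DnsQuery
Query = ProcName == "uberAgent"
[EventDataFilter]
Action = deny
Sourcetype = Process:ProcessStartup
Query = ProcName in ["AppleQEMUGuestAgent", "mdworker_shared", "sleep"]
"""

def parse_rules(text):
    """Split repeated [EventDataFilter] stanzas (configparser rejects duplicate sections)."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line == "[EventDataFilter]":
            rules.append({})
        elif line and not line.startswith("#") and rules:
            key, _, value = line.partition("=")  # first '=' only; Query contains '=='
            rules[-1][key.strip()] = value.strip()
    return rules

def matches(query, event):
    """Assumed subset: `<field> == "<str>"` and `<field> in [<str>, ...]`, exact match."""
    field, op, rhs = re.fullmatch(r"(\w+)\s+(==|in)\s+(.+)", query).groups()
    operand = json.loads(rhs)  # the string or list literal is JSON-compatible here
    return event.get(field) in operand if op == "in" else event.get(field) == operand

def is_denied(rules, sourcetype, event):
    """Assumption: an event is dropped if any deny rule for its sourcetype matches."""
    return any(r["Action"] == "deny" and r["Sourcetype"] == sourcetype
               and matches(r["Query"], event) for r in rules)

RULES = parse_rules(CONF)
# Constructed sample events as (sourcetype, process name) pairs.
SAMPLES = [("Process:DnsQuery", "Safari"), ("Process:DnsQuery", "curl"),
           ("Process:ProcessStartup", "sleep"), ("Process:ProcessStartup", "Safari")]
for st, name in SAMPLES:
    verdict = "DROPPED" if is_denied(RULES, st, {"ProcName": name}) else "kept"
    print(f"{st:24} {name:8} {verdict}")
```

Each rule is scoped to its sourcetype: the browser list suppresses only DNS query events, so a Safari process startup is still collected.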
