diff --git a/detection/c2/unexpected-talkers-macos.sql b/detection/c2/unexpected-talkers-macos.sql
index 38ce984..075eaab 100644
--- a/detection/c2/unexpected-talkers-macos.sql
+++ b/detection/c2/unexpected-talkers-macos.sql
@@ -160,6 +160,7 @@ WHERE
 '443,6,0,Install,com.adobe.Install,Developer ID Application: Adobe Inc. (JQ525L2MZD)',
 '443,6,0,launcher,launcher,Developer ID Application: Kolide Inc (YZ3EM74M78)',
 '443,6,0,launcher,com.kolide.agent,Developer ID Application: Kolide, Inc (X98UFR7HA3)',
+ '443,6,0,launcher,com.kolide.agent,Developer ID Application: Kolide, Inc (X98UFR7HA3)',
 '443,6,0,nessusd,nessusd,Developer ID Application: Tenable, Inc. (4B8J598M7U)',
 '443,6,0,nix,nix,',
 '443,6,0,OneDrivePkgTelemetry,com.microsoft.OneDrivePkgTelemetry,Developer ID Application: Microsoft Corporation (UBF8T346G9)',
diff --git a/detection/execution/unexpected-security-framework-program-macos.sql b/detection/execution/unexpected-security-framework-program-macos.sql
index 679a686..8731b35 100644
--- a/detection/execution/unexpected-security-framework-program-macos.sql
+++ b/detection/execution/unexpected-security-framework-program-macos.sql
@@ -50,7 +50,6 @@ WHERE
 pmm.path LIKE '%Security.framework%'
 AND exception_key NOT IN (
 '0,nix,nix,',
- '500,osqueryd,osqueryd,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)',
 '0,osqueryd,osqueryd,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)',
 '500,bash,com.apple.bash,Software Signing',
 '500,Bitwarden,com.bitwarden.desktop,Apple Mac OS Application Signing',
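Review bot: The added line `'443,6,0,launcher,com.kolide.agent,Developer ID Application: Kolide, Inc (X98UFR7HA3)',` is byte-identical to the context line directly above it, so the NOT IN list only gains a duplicate entry and the query's behaviour does not change; the added line should be dropped. The same pattern appears in the unexpected-uid0-daemon-macos.sql hunk, where the added `'Developer ID Application: Logitech Inc. (QED4VVPZWA)',` repeats an entry that is already present further down the same list. Duplicates are harmless to the query but make an exception list harder to audit, because a later reviewer cannot tell which occurrence was intended or safely remove one. The enclosing NOT IN list starts and ends outside this hunk.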
@@ -60,9 +59,9 @@ WHERE
 '500,bufls,a.out,',
 '500,.cargo-wrapped,.cargo-wrapped,',
 '500,cloud_sql_proxy,a.out,',
- '500,Mattermost Helper (GPU),Mattermost.Desktop.helper.GPU,Apple Mac OS Application Signing',
 '500,cosign,a.out,',
 '500,cpu,cpu-555549441132dc6b7af538428ce3359ae94eab37,',
+ '500,Divvy,com.mizage.Divvy,Apple Mac OS Application Signing',
 '500,Emacs-arm64-11,Emacs-arm64-11,Developer ID Application: Galvanix (5BRAQAFB8B)',
 '500,epdfinfo,epdfinfo,',
 '500,esbuild,a.out,',
@@ -79,12 +78,15 @@ WHERE
 '500,kubectl,a.out,',
 '500,lua-language-server,lua-language-server,',
 '500,Magnet,com.crowdcafe.windowmagnet,Apple Mac OS Application Signing',
+ '500,Mattermost Helper (GPU),Mattermost.Desktop.helper.GPU,Apple Mac OS Application Signing',
 '500,Mattermost Helper,Mattermost.Desktop.helper,Apple Mac OS Application Signing',
 '500,Mattermost Helper (Renderer),Mattermost.Desktop.helper.Renderer,Apple Mac OS Application Signing',
+ '500,Mattermost,Mattermost.Desktop,Apple Mac OS Application Signing',
+ '500,osqueryd,osqueryd,Developer ID Application: OSQUERY A Series of LF Projects, LLC (3522FA9PXF)',
 '500,PrinterProxy,com.apple.print.PrinterProxy,',
 '500,registry-redirect,a.out,',
- '500,rust-analyzer,rust_analyzer-d11ae4e1bae4360d,',
 '500,Runner.Listener,apphost-55554944a938bab90f04347d83659c53dd1197d6,',
+ '500,rust-analyzer,rust_analyzer-d11ae4e1bae4360d,',
 '500,scdaemon,scdaemon,',
 '500,sdaudioswitch,,',
 '500,sdaudioswitch,sdaudioswitch,',
@@ -94,6 +96,8 @@ WHERE
 '500,Slack Helper (GPU),com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
 '500,Slack Helper (Plugin),com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
 '500,Slack Helper (Renderer),com.tinyspeck.slackmacgap.helper,Apple Mac OS Application Signing',
+ '500,Steam Helper,com.valvesoftware.steam.helper,Developer ID Application: Valve Corporation (MXGJJ98X76)',
+ '500,steam_osx,com.valvesoftware.steam,Developer ID Application: Valve Corporation (MXGJJ98X76)',
 '500,syncthing,syncthing,',
 '500,terraform-provider-google-beta_v4.48.0_x5,a.out,',
 '500,terraform-provider-google_v4.48.0_x5,a.out,',
diff --git a/detection/persistence/unexpected-uid0-daemon-macos.sql b/detection/persistence/unexpected-uid0-daemon-macos.sql
index 4fc82cd..5e47d7d 100644
--- a/detection/persistence/unexpected-uid0-daemon-macos.sql
+++ b/detection/persistence/unexpected-uid0-daemon-macos.sql
@@ -250,10 +250,14 @@ WHERE
 )
 AND NOT s.authority IN (
 'Developer ID Application: Adobe Inc. (JQ525L2MZD)',
+ 'Developer ID Application: Logitech Inc. (QED4VVPZWA)',
+ 'Developer ID Application: Fumihiko Takayama (G43BCU2T37)',
+ 'Developer ID Application: Objective-See, LLC (VBG97UB4TA)',
 'Developer ID Application: Docker Inc (9BNSXJN65R)',
 'Developer ID Application: Foxit Corporation (8GN47HTP75)',
 'Developer ID Application: Keybase, Inc. (99229SGT5K)',
 'Developer ID Application: Kolide, Inc (X98UFR7HA3)',
+ 'Developer ID Application: Ecamm Network, LLC (5EJH68M642)',
 'Developer ID Application: Kolide Inc (YZ3EM74M78)',
 'Developer ID Application: Logitech Inc. (QED4VVPZWA)',
 'Developer ID Application: MacPaw Inc. (S8EX82NJP6)',
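Review bot: The four new authorities in the unexpected-uid0-daemon-macos.sql hunk are inserted out of the list's alphabetical order (Logitech, Fumihiko Takayama and Objective-See directly after Adobe, Ecamm between the two Kolide entries), while the surrounding entries, and the moves this same commit makes in unexpected-security-framework-program-macos.sql, keep the lists sorted; Ecamm belongs after Docker, Fumihiko Takayama after Foxit and Objective-See after MacPaw. Keeping the list sorted is what lets a reader grep for an authority and notice when it is already present. Separately, `AND NOT s.authority IN (` exempts every root daemon signed by a listed team rather than the one that was observed, so a trailing comment naming that daemon on each added line (e.g. `-- <daemon name>`, value to be filled in by the author) would let a later reviewer re-check whether the exemption is still justified. The IN list continues past the end of the hunk.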