diff --git a/detection/c2/unexpected-dns-traffic.sql b/detection/c2/unexpected-dns-traffic.sql
index 19da7d7..44ab409 100644
--- a/detection/c2/unexpected-dns-traffic.sql
+++ b/detection/c2/unexpected-dns-traffic.sql
@@ -85,6 +85,7 @@ WHERE
 )
 -- Local DNS servers and custom clients go here
 AND p.path NOT IN (
+ '/Applications/Evernote.app/Contents/MacOS/Evernote',
 '/Applications/Slack.app/Contents/Frameworks/Slack Helper.app/Contents/MacOS/Slack Helper',
 '/Applications/Spotify.app/Contents/Frameworks/Spotify Helper.app/Contents/MacOS/Spotify Helper',
 '/Applications/Tailscale.app/Contents/PlugIns/IPNExtension.appex/Contents/MacOS/IPNExtension',
diff --git a/detection/c2/unexpected-https-linux.sql b/detection/c2/unexpected-https-linux.sql
index f03db51..49e1a27 100644
--- a/detection/c2/unexpected-https-linux.sql
+++ b/detection/c2/unexpected-https-linux.sql
@@ -186,6 +186,7 @@ WHERE
 '500,gcsfuse,500u,500g,gcsfuse',
 '500,gdb,0u,0g,gdb',
 '500,geoclue,0u,0g,geoclue',
+ '500,gh-dash,500u,500g,gh-dash',
 '500,gh,0u,0g,gh',
 '500,git,0u,0g,git',
 '500,git-remote-http,0u,0g,git-remote-http',
@@ -286,6 +287,7 @@ WHERE
 '500,python3.11,0u,0g,gnome-abrt',
 '500,python3.11,0u,0g,protonvpn',
 '500,python3.11,0u,0g,prowler',
+ '500,python3.12,0u,0g,dnf',
 '500,python3,500u,500g,python3',
 '500,python.test,500u,500g,python.test',
 '500,qemu-system-x86_64,0u,0g,qemu-system-x86',
diff --git a/detection/c2/unexpected-talkers-macos.sql b/detection/c2/unexpected-talkers-macos.sql
index 55d8192..8e8f454 100644
--- a/detection/c2/unexpected-talkers-macos.sql
+++ b/detection/c2/unexpected-talkers-macos.sql
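Review bot: The new Evernote exception is keyed on the on-disk path alone, so any binary an attacker drops or swaps in at `/Applications/Evernote.app/Contents/MacOS/Evernote` inherits the exemption from this C2 query, whereas the macOS rows touched elsewhere in this same change also pin a Developer ID signing authority. If this query already joins the `signature` table, prefer keying this entry on `(path, authority)`; if it does not, at least record why Evernote issues DNS directly so the exemption can be re-evaluated, e.g. `-- Evernote: path-only exemption; reason for direct DNS undocumented, TODO confirm and pin signer`. The `p.path NOT IN (` list continues past the end of the hunk.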
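Review bot: The `gh-dash` row allowlists a user-owned binary (`500u,500g`), unlike its neighbours `gh` and `git` which are root-owned (`0u,0g`), so if the key's trailing fields are file owner and process name as the surrounding entries suggest, any user-writable executable renamed to `gh-dash` is exempted from the unexpected-HTTPS check — a trivial evasion for a user-level implant. If the query exposes the binary path or the remote address, consider constraining this entry further (for example to the GitHub API endpoint it should be talking to); otherwise annotate the weaker match inline, e.g. `-- gh-dash: user-installed Go binary (e.g. ~/go/bin), owner-keyed only`. The exception list runs past both ends of the hunk.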
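Review bot: The `dnf` exception pins the interpreter name to `python3.12`, so a host whose dnf runs under a different minor version (the adjacent gnome-abrt/protonvpn/prowler rows are all `python3.11`) keeps alerting, and the next distribution interpreter bump reopens this one. Either add the `python3.11` sibling row now, or, if the key is built from `p.name`, derive it from a version-stripped name so the allowlist does not need one row per Python minor release. The list continues outside the hunk.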
@@ -122,7 +122,7 @@ WHERE pos.protocol > 0
 '500,17,123,Garmin Express,Garmin Express,Developer ID Application: Garmin International (72ES32VZUA),com.garmin.renu.client',
 '500,17,123,agent,agent,Developer ID Application: Datadog, Inc. (JKFCB4CN7C),agent',
 '500,17,32768,Luna Display,Luna Display,Developer ID Application: Astro HQ LLC (8356ZZ8Y5K),com.astro-hq.LunaDisplayMac',
- '500,17,68,com.docker.backend,com.docker.backend,Developer ID Application: Docker Inc (9BNSXJN65R),com.docker',
+ '500,17,68,com.docker.backend,com.docker.backend,Developer ID Application: Docker Inc (9BNSXJN65R),com.docker.docker',
 '500,17,8801,zoom.us,zoom.us,Developer ID Application: Zoom Video Communications, Inc. (BJ4HAAB9B3),us.zoom.xos',
 '500,17,9000,Meeting Center,Meeting Center,Developer ID Application: Cisco (DE8Y96K9QP),com.webex.meetingmanager',
 '500,6,22,Cyberduck,Cyberduck,Developer ID Application: David Kocher (G69SCX94XU),ch.sudo.cyberduck',
diff --git a/detection/persistence/unexpected-listening-port-macos.sql b/detection/persistence/unexpected-listening-port-macos.sql
index a2272a7..8b044d3 100644
--- a/detection/persistence/unexpected-listening-port-macos.sql
+++ b/detection/persistence/unexpected-listening-port-macos.sql
@@ -58,6 +58,7 @@ WHERE
 '10250,6,500,OrbStack Helper,Developer ID Application: Orbital Labs, LLC (U.S.) (HUAQ24HBR6)',
 '111,17,1,rpcbind,Software Signing',
 '111,6,1,rpcbind,Software Signing',
+ '1144,6,500,fuscript,Developer ID Application: Blackmagic Design Inc (9ZGFBWLSYP)',
 '1234,6,500,qemu-system-aarch64,',
 '1313,6,500,hugo,',
 '1338,6,500,ec2-metadata-mock,',
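Review bot: Replacing the bundle id `com.docker` with `com.docker.docker` drops the old key instead of adding the new one, so if both identifiers are observed across Docker Desktop versions in the fleet, hosts on the older build start alerting again on the UDP port-68 traffic from `com.docker.backend`. If the old value never matched and this is a typo fix, that is fine; otherwise keep both rows through the transition or note the boundary inline, e.g. `-- Docker Desktop: newer builds report bundle id com.docker.docker`. The row still pins Developer ID team `9BNSXJN65R`, which is the right anchor for this exception.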
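Review bot: The new `fuscript` row exempts what appears to be Blackmagic's Fusion/Resolve scripting host listening on TCP/1144, and a script interpreter accepting socket connections is a more sensitive thing to whitelist in a listening-port persistence query than the static servers (`hugo`, `ec2-metadata-mock`) next to it; pinning the Blackmagic Developer ID is good, but the key does not constrain the bound address. If the query's key can include the listen address, restrict this entry to loopback; otherwise document the assumption inline, e.g. `-- fuscript: Blackmagic Fusion/Resolve script server; verify it binds 127.0.0.1 only`. The exception list continues past both ends of the hunk.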