From afb1facdf1c64e01652c8278190f3e84de166532 Mon Sep 17 00:00:00 2001
From: egibs <20933572+egibs@users.noreply.github.com>
Date: Wed, 30 Oct 2024 08:50:30 -0500
Subject: [PATCH] Add chainlink to unexpected-talkers-macos

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 detection/c2/unexpected-talkers-macos.sql | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/detection/c2/unexpected-talkers-macos.sql b/detection/c2/unexpected-talkers-macos.sql
index 8a0d78d..bfb1f71 100644
--- a/detection/c2/unexpected-talkers-macos.sql
+++ b/detection/c2/unexpected-talkers-macos.sql
@@ -109,4 +109,8 @@ WHERE pos.pid IN (
     )
     AND p0.path LIKE '/opt/homebrew/Cellar/podman/%/libexec/podman/gvproxy'
   )
+  AND NOT (
+    unsigned_exception = '500,0,0,chainlink,chainlink'
+    AND p0.path LIKE '/var/folders/%/T/go-build%/b001/exe/chainlink'
+  )
 GROUP BY p0.cmdline