diff --git a/detection/execution/unexpected-security-framework-program-macos.sql b/detection/execution/unexpected-security-framework-program-macos.sql
index 61a0349..c591cbd 100644
--- a/detection/execution/unexpected-security-framework-program-macos.sql
+++ b/detection/execution/unexpected-security-framework-program-macos.sql
@@ -105,6 +105,7 @@ WHERE
     '500,gopls,a.out,',
     '500,gopls,gopls,',
     '500,dive,a.out,',
+    '500,snyk-ls_darwin_arm64,a.out,',
     '500,gpg-agent,gpg-agent,',
     '500,InternalFiltersXPC,com.apple.InternalFiltersXPC,Apple Mac OS Application Signing',
     '500,ipcserver,com.valvesoftware.steam,Developer ID Application: Valve Corporation (MXGJJ98X76)',
diff --git a/detection/exfil/high_disk_bytes_read.sql b/detection/exfil/high_disk_bytes_read.sql
index a9218c4..d304c2e 100644
--- a/detection/exfil/high_disk_bytes_read.sql
+++ b/detection/exfil/high_disk_bytes_read.sql
@@ -58,75 +58,76 @@ WHERE
     'bash',
     'bwrap',
     'chrome',
-    'go',
-    'fsnotifier',
     'clamscan',
     'code',
     'com.apple.NRD.UpdateBrainService',
     'docker',
-    'emacs',
     'electron',
+    'emacs',
     'firefox',
-    'osqueryi',
     'fish',
     'fleet_backend',
     'fsdaemon',
+    'fsnotifier',
+    'go',
     'golangci-lint',
-    'Safari',
     'GoogleSoftwareUpdateAgent',
     'gopls',
     'grype',
     'java',
     'kube-apiserver',
     'kube-controller',
-    'ZwiftAppMetal',
     'kube-scheduler',
     'kue',
     'launcher',
     'LogiFacecamService',
+    'melange',
     'nautilus',
     'nessusd',
-    'melange',
     'nix',
-    'tilt',
     'nix-daemon',
     'nvim',
     'osqueryd',
-    'unattended-upgr',
+    'osqueryi',
     'qemu-system-aarch64',
     'qemu-system-x86',
     'qemu-system-x86-64',
+    'Safari',
     'sh',
     'slack',
     'steam',
     'systemd',
     'thunderbird',
+    'tilt',
+    'unattended-upgr',
     'vim',
     'wineserver',
     'yay',
     'ykman-gui',
-    'zsh'
+    'zsh',
+    'ZwiftAppMetal'
   )
   AND NOT p0.path IN (
+    '/System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.BrowserDataImportingService.xpc/Contents/MacOS/com.apple.Safari.BrowserDataImportingService',
+    '/System/Volumes/Preboot/Cryptexes/Incoming/OS/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent',
     '/usr/bin/apt',
     '/usr/bin/darktable',
     '/usr/bin/dockerd',
     '/usr/bin/gnome-shell',
     '/usr/bin/udevadm',
+    '/usr/bin/update-notifier',
+    '/usr/lib64/electron/electron',
     '/usr/libexec/aned',
     '/usr/libexec/coreduetd',
     '/usr/libexec/diskmanagementd',
-    '/usr/bin/update-notifier',
-    '/System/Volumes/Preboot/Cryptexes/Incoming/OS/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent',
-    '/System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.BrowserDataImportingService.xpc/Contents/MacOS/com.apple.Safari.BrowserDataImportingService',
     '/usr/libexec/flatpak-system-helper',
     '/usr/libexec/logd',
     '/usr/libexec/logd_helper',
-    '/usr/libexec/tracker-miner-fs-3',
     '/usr/libexec/packagekitd',
     '/usr/libexec/PerfPowerServices',
     '/usr/libexec/signpost_reporter',
     '/usr/libexec/syspolicyd',
+    '/usr/libexec/tracker-miner-fs-3',
     '/usr/lib/systemd/systemd',
     '/usr/sbin/spindump',
     '/usr/sbin/systemstats'