From d55d1db202ba7164fb9eb6d0b7a562a49e76ac6d Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Thu, 20 Oct 2022 14:11:35 -0400 Subject: [PATCH] Add /usr/local/bin --- detection/execution/unexpected-gatekeeper-approvals-macos.sql | 1 + 1 file changed, 1 insertion(+) diff --git a/detection/execution/unexpected-gatekeeper-approvals-macos.sql b/detection/execution/unexpected-gatekeeper-approvals-macos.sql index 7e18e78..b640b87 100644 --- a/detection/execution/unexpected-gatekeeper-approvals-macos.sql +++ b/detection/execution/unexpected-gatekeeper-approvals-macos.sql @@ -27,6 +27,7 @@ FROM WHERE gap.path NOT LIKE '/Users/%/bin/%' AND gap.path NOT LIKE '/Users/%/rekor-cli' + AND gap.path NOT LIKE '/usr/local/bin/%' AND gap.path NOT LIKE '/Users/%/scorecard-darwin-amd64' AND gap.path NOT LIKE '/Users/%/scorecard-darwin-amd64' AND gap.path NOT LIKE '/Users/%/configure'