docs/reference/filebeat/exported-fields-santa.md
% This file is generated! See dev-tools/mage/generate_fields_docs.go
Santa Module
santa.action
: Action
type: keyword
example: EXEC
santa.decision
: Decision that santad took.
type: keyword
example: ALLOW
santa.reason
: Reason for the decsision.
type: keyword
example: CERT
santa.mode
: Operating mode of Santa.
type: keyword
example: M
Fields for DISKAPPEAR actions.
santa.disk.volume
: The volume name.
santa.disk.bus
: The disk bus protocol.
santa.disk.serial
: The disk serial number.
santa.disk.bsdname
: The disk BSD name.
example: disk1s3
santa.disk.model
: The disk model.
example: APPLE SSD SM0512L
santa.disk.fs
: The disk volume kind (filesystem type).
example: apfs
santa.disk.mount
: The disk volume path.
santa.certificate.common_name
: Common name from code signing certificate.
type: keyword
santa.certificate.sha256
: SHA256 hash of code signing certificate.
type: keyword