
Monitoring - Filter Rules

Elevate24 collects a lot of data generated by other processes on devices while users are elevated. To reduce this noise and the amount of data reported back to a SIEM, Microsoft Sentinel, or Jigsaw24 Portal, filter rules can be configured as follows:

Filter Rules

  • Availability: Premium
  • Type: Array
```xml
<key>filterRules</key>
<array>
	<dict>
		<key>eventType</key>
		<string>All</string>
		<key>path</key>
		<string>/private/var/*</string>
		<key>signingId</key>
		<string>com.apple.softwareupdated</string>
	</dict>
	<dict>
		<key>eventType</key>
		<string>All</string>
		<key>signingId</key>
		<string>com.zscaler.tunnel</string>
	</dict>
</array>
```