Feature Comparison
Built by the team that maintains Santa, Workshop has deep integrations because we control both ends of the system.
New Santa features are supported in Workshop first, every time.

| Feature | Santa (Lite) | Santa & Workshop (Enterprise) |
|---|---|---|
| Binary Authorization | | |
| Monitor Mode: Log all executions without blocking | Available | Available |
| Lockdown Mode: Block all executions not explicitly allowed | Available | Available |
| Standalone Mode: Operate without any sync server | Available | Available |
| Allow/Block Rules: Rules by SHA-256, Signing ID, Certificate, CDHash, or Team ID | Available | Available |
| Bundle Rules: Allow or block entire application bundles. Depends on sync server support, which is rare. | Partial | Available |
| Transitive / Compiler Rules: Auto-allow binaries created by trusted compilers | Available | Available |
| CEL Policy Engine | | |
| CEL Rule Support: Common Expression Language policy evaluation | Available | Available |
| CEL Access to euid & cwd: Effective user ID and current working directory in rules | Available | Available |
| TouchID Requirement via CEL: Require biometric authentication for execution | Unavailable | Available |
| Process Tree CEL Evaluation: CEL rules that evaluate full process tree context | Unavailable | Available |
| File Access Authorization | | |
| FAA Policy Support: Control access to protected file paths | Available | Available |
| Glob Path Support: Glob patterns for Data and Proc FAA rules | Available | Available |
| FAA Log Rate Limiting: Configurable rate limiting for FAA events | Available | Available |
| FAA Rules via Sync: Manage FAA rules centrally through the sync protocol | Unavailable | Available |
| FAA Block Event Upload: FAA block events uploaded and visible in the console | Unavailable | Available |
| Removable Media & Network | | |
| USB / SD Card Blocking: Block removable media mounting | Available | Available |
| Remount with Flags: Remount removable media with restricted flags | Available | Available |
| Network Share / Mount Blocking: Block network mounts with configurable exception lists | Unavailable | Available |
| Network Telemetry: Network event reporting and visibility | Unavailable | Available |
| Removable Media Event Upload: USB/SD events uploaded and visible in the console | Unavailable | Available |
| Approval Workflows | | |
| Self-Service Approval: Empower trusted users to approve their own low-risk software | Unavailable | Available |
| Designated Approvers: Route requests to managers, specific users, or tag-based groups | Unavailable | Available |
| Multi-Approver Thresholds: Require multiple approvers for added oversight | Unavailable | Available |
| Social Voting: Community-driven approval with local and global vote thresholds | Unavailable | Available |
| Slack Bot Integration: Complete approval workflows directly in Slack | Unavailable | Available |
| On-Demand Monitor Mode: Temporary Lockdown bypass with admin-configured max duration and auto-revert | Unavailable | Available |
| Risk Engine | | |
| VirusTotal Integration: Automatic SHA-256 lookup against VirusTotal with caching | Unavailable | Available |
| ReversingLabs Integration: Automatic lookup against ReversingLabs Spectra Intelligence | Unavailable | Available |
| Blockable Rules Plugin: CEL expressions to flag entire classes of software | Unavailable | Available |
| Custom Risk Plugins: Write your own HTTP-based risk engine plugins | Unavailable | Available |
| Risk Engine Exceptions: Override plugin decisions per tag with expiration dates | Unavailable | Available |
| Flag Blockables as Malicious: Halt all approval workflows for flagged binaries | Unavailable | Available |
| Telemetry & Event Export | | |
| Protobuf Telemetry Logging: Structured telemetry with gzip compression | Available | Available |
| Unified Logging Integration: macOS Unified Logging System support | Available | Available |
| Cloud Event Export: Export execution, FAA, USB, and audit events to AWS S3 or GCP GCS | Unavailable | Available |
| Telemetry Upload: Upload telemetry data to your sync server | Unavailable | Available |
| Telemetry Querying: Search and query telemetry data from the console | Unavailable | Available |
| Telemetry Filtering Expressions: Redact or filter telemetry before export | Unavailable | Available |
| Event Analytics: Event trend data and approval workflow metrics | Unavailable | Available |
| Remote Management | | |
| Remote Process Termination: Kill arbitrary processes on managed hosts remotely | Unavailable | Available |
| Push Sync Trigger: Force an immediate sync from the server | Unavailable | Available |
| Agent Ping: Check agent connectivity in real time | Unavailable | Available |
| Administration Console | | |
| Web Dashboard: Manage hosts, rules, events, and blockables in a browser | Unavailable | Available |
| Tag-Based Policy System: Flexible tag assignment with deterministic ordering | Unavailable | Available |
| Reports & Analytics: Top blockables, dangerous entitlements, and lockdown readiness reports | Unavailable | Available |
| Comprehensive Audit Log: Every UI and API change recorded with diffs | Unavailable | Available |
| Full API Coverage: gRPC/Connect API for all Workshop operations | Unavailable | Available |
| MCP Server: Model Context Protocol server for LLM integrations | Unavailable | Available |
| AI Chat: Natural language queries against Workshop data | Unavailable | Available |
| Identity & Access | | |
| SSO Authentication: Identity provider login for the admin console | Unavailable | Available |
| Directory Sync (SCIM): Automatic user and group sync from your IdP | Unavailable | Available |
| Role-Based Access Control: Granular permissions with assignable roles | Unavailable | Available |
| Multi-Party Approval: Require multiple admins for destructive actions like disabling MPA or creating API keys | Unavailable | Available |
| UI & Localization | | |
| Block Notification Dialogs: Configurable messages with clickable links | Available | Available |
| Co-Branding: Custom company name and logo on Santa UI dialogs | Available | Available |
| Santa Menu Bar Item: Trigger sync and reset silenced notifications from the menu bar | Available | Available |
| Security & Platform | | |
| Anti-Tamper Protections: Tamper protection for rules, events databases, and sync state | Available | Available |
| macOS 14+ Support: Validated through macOS Tahoe 26.0 | Available | Available |
| Automatic Workshop Updates: Configurable update modes with maintenance windows | Unavailable | Available |

Ready to upgrade to Workshop?
Get enterprise-grade allowlisting with approval workflows, risk engine integrations, and a full management console.