# North Pole Security

> Proactive endpoint protection for macOS. North Pole Security builds Workshop, a control plane for Santa, and maintains the Santa open-source binary and file-access authorization agent.

This file is a machine-readable index of every public page on northpole.security, following the llmstxt.org standard. Every link points at the raw markdown (.md) mirror of the page; strip the `.md` suffix to reach the human-readable HTML version (the homepage's HTML lives at `/`).

See also:

- /llms-full.txt: concatenated full text of every documentation and blog page
- /docs/santa/llms.txt: Santa documentation only
- /docs/workshop/llms.txt: Workshop documentation only

## Product

- [North Pole Security](https://northpole.security/index.md): Proactive endpoint protection for macOS. Built by the creators of Santa, Workshop makes allowlisting practical at enterprise scale.
- [Workshop](https://northpole.security/workshop.md): North Pole Security's flagship platform. A control plane for Santa with approval workflows, package rules, risk engine, telemetry, and USB/SD blocking.
- [Santa](https://northpole.security/santa.md): Open-source binary and file-access authorization for macOS. The foundation Workshop is built on, maintained by North Pole Security.
- [About](https://northpole.security/about.md): Company background, founding team, mission, and the story behind the Santa project.
- [Contact](https://northpole.security/contact.md): Contact form for sales, support, and general inquiries.

## Features

- [Features overview](https://northpole.security/features.md): Index of Workshop's capabilities for managing Santa fleets.
- [AI chat](https://northpole.security/features/ai-chat.md): Conversational interface for investigating events, building rules, and answering policy questions across a Santa fleet.
- [Approval workflows](https://northpole.security/features/approval-workflows.md): Structured request and approval flows for adding new binaries, packages, and rules without slowing users down.
- [Execution rules](https://northpole.security/features/execution-rules.md): Binary, certificate, Team ID, and signing-ID rules with rich precedence so Workshop can express realistic enterprise policy.
- [File-access authorization](https://northpole.security/features/file-access-authorization.md): Control which processes can read or write sensitive files, layered on top of Santa's execution policy.
- [Package rules](https://northpole.security/features/package-rules.md): Author allowlist rules at the package level instead of one binary at a time, so updates don't break policy.
- [Removable media blocking](https://northpole.security/features/removable-media-blocking.md): Block or restrict USB drives, SD cards, and other removable storage to prevent data exfiltration.
- [Risk engine](https://northpole.security/features/risk-engine.md): Scores and explains the risk of unknown binaries so reviewers can make fast, well-informed approval decisions.
- [Social voting](https://northpole.security/features/social-voting.md): Peer-driven approval voting to scale allowlist review across a large fleet without bottlenecking on a central admin.
- [Telemetry](https://northpole.security/features/telemetry.md): Rich, structured logs of every relevant macOS event with first-class export pipelines to SIEMs and data warehouses.

## Workshop documentation

- [Introduction](https://northpole.security/docs/workshop/index.md): Welcome to Workshop, the comprehensive administration console for managing Santa
- [AI](https://northpole.security/docs/workshop/ai.md): Workshop provides AI-powered features to help you manage and understand your endpoint security environment.
- [API Reference](https://northpole.security/docs/workshop/api.md): The Workshop API uses Connect RPC for
- [API Keys](https://northpole.security/docs/workshop/api-keys.md): The API Keys interface
- [Approval Workflows](https://northpole.security/docs/workshop/approval-workflows.md): A powerful feature of Workshop is the ability to delegate approvals decisions
- [Audit](https://northpole.security/docs/workshop/audit.md): Every change made to Workshop, whether by UI or API, is recorded in the audit
- [Event Export](https://northpole.security/docs/workshop/event-export.md): Workshop can automatically export events to cloud storage for long-term retention, compliance requirements, or integration with external SIEM systems and analytics platforms.
- [Events](https://northpole.security/docs/workshop/events.md): The Events interface provides visibility into events across your Santa-protected
- [Filter Language](https://northpole.security/docs/workshop/filter-language.md): Most Workshop API methods that begin with `List` (e.g., `ListHosts`,
- [Hosts](https://northpole.security/docs/workshop/hosts.md): The Hosts interface provides a comprehensive view of all endpoints running Santa across your organization.
- [Multi-Party Approval](https://northpole.security/docs/workshop/mpa.md): Multi-Party Approval (MPA) adds an additional layer of security by requiring
- [Reports](https://northpole.security/docs/workshop/reports.md): The Reports interface provides
- [Risk Engine](https://northpole.security/docs/workshop/risk-engine.md): The Risk Engine empowers security teams to create policies that automatically
- [Rules](https://northpole.security/docs/workshop/rules.md): Workshop provides comprehensive rule management for controlling system behavior
- [Settings](https://northpole.security/docs/workshop/settings.md): The Settings interface provides a centralized control panel for configuring
- [Slack](https://northpole.security/docs/workshop/slack.md): Included with Workshop is a Slack chat bot that can help users go through an
- [Tags](https://northpole.security/docs/workshop/tags.md): Tags are a flexible mechanism for assigning rules and settings to hosts.
- [Telemetry](https://northpole.security/docs/workshop/telemetry.md): Workshop provides powerful telemetry capabilities for analyzing Santa security
- [Execution Rules](https://northpole.security/docs/workshop/rules/execution-rules.md): The Execution Rules interface provides a comprehensive view of all rules that
- [File Access Rules](https://northpole.security/docs/workshop/rules/file-access-rules.md): File Access rules enable Santa to control which processes can read and write
- [Filter Expressions](https://northpole.security/docs/workshop/telemetry/filter-expressions.md): Telemetry filter expressions are CEL expressions evaluated by Santa on the
- [Schema](https://northpole.security/docs/workshop/telemetry/schema.md): This page documents the complete schema for all telemetry event types collected

## Santa documentation

- [Intro](https://northpole.security/docs/santa/intro.md): Santa is a high-performance open-source security agent for macOS that provides
- [Known limitations](https://northpole.security/docs/santa/limitations.md): Santa only blocks execution (execve and variants); it doesn’t protect against
- [Keys](https://northpole.security/docs/santa/configuration/keys.md): This page describes all of the available configuration options recognized by
- [File-Access Authorization](https://northpole.security/docs/santa/configuration/faa.md): File Access Authorization (FAA) policies are defined using a plist configuration
- [Config Generator](https://northpole.security/docs/santa/configuration/generator.md): This generator is still under active development and there are known rough
- [Common Expression Language (CEL)](https://northpole.security/docs/santa/cookbook/cel.md): This page lists well-known and/or community-contributed CEL expressions.
- [File-Access Authorization](https://northpole.security/docs/santa/cookbook/faa.md): This page lists well-known and/or community-contributed file-access
- [Transitive Allowlisting](https://northpole.security/docs/santa/cookbook/transitive.md): This page lists well-known and/or community-contributed Transitive Allowlisting
- [Getting Started](https://northpole.security/docs/santa/deployment/getting-started.md): Due to the security features built-in to macOS, deployment of Santa requires
- [Profiles: System Extension](https://northpole.security/docs/santa/deployment/profile-system-extension.md): One of the primary components of Santa is a [system
- [Profiles: Network Extension](https://northpole.security/docs/santa/deployment/profile-network-extension.md): Santa includes an optional network [system
- [Profiles: TCC](https://northpole.security/docs/santa/deployment/profile-tcc.md): macOS requires apps like Santa have "Full Disk Access" permissions in order to
- [Profiles: Background Apps](https://northpole.security/docs/santa/deployment/profile-background.md): Santa has components that run in the background (e.g. for presenting
- [Profiles: Notifications](https://northpole.security/docs/santa/deployment/profile-notifications.md): Santa can present native macOS notifications to users when it switches between
- [Profiles: Santa Configuration](https://northpole.security/docs/santa/deployment/profile-configuration.md): Santa has _many_ configuration options controlling its behavior. The
- [Install Santa Package](https://northpole.security/docs/santa/deployment/install-package.md): With all of the profiles configured you are finally ready to install the Santa
- [Network Extension](https://northpole.security/docs/santa/deployment/network-extension.md): Santa includes an optional network [system
- [Migration](https://northpole.security/docs/santa/deployment/migration.md): This guide outlines the migration process from Google Santa to North Pole
- [Lite Package](https://northpole.security/docs/santa/deployment/lite-package.md): Alongside the regular Santa deployment package, we also make available a "lite"
- [Troubleshooting](https://northpole.security/docs/santa/deployment/troubleshooting.md): This page outlines common troubleshooting steps for confirming proper Santa
- [Contributing](https://northpole.security/docs/santa/development/contributing.md): Before we can use your code, you must sign the [North Pole Security Individual
- [Building](https://northpole.security/docs/santa/development/building.md): Santa uses Bazel for building, testing, and releasing.
- [Version Support Policies](https://northpole.security/docs/santa/development/version_policy.md): This document describes North Pole Security's policies on versioning as it
- [Binary Authorization](https://northpole.security/docs/santa/features/binary-authorization.md): Binary authorization, also known as binary allowlisting (and formerly, binary
- [File-Access Authorization](https://northpole.security/docs/santa/features/faa.md): File Access Authorization is a feature that lets Santa control which processes
- [Telemetry](https://northpole.security/docs/santa/features/telemetry.md): Santa collects and outputs telemetry data about security events. This data is
- [Removable Media (e.g. USB/SD device) Blocking](https://northpole.security/docs/santa/features/removable-media-blocking.md): Removable Media blocking allows blocking removable media such as USB Mass Storage/SD Card storage from mounting, or
- [Sync Servers](https://northpole.security/docs/santa/features/sync.md): Santa can be configured to synchronize with a central server, to control the
- [Stats](https://northpole.security/docs/santa/features/stats.md): Santa v2025.2 and up can optionally send a small amount of stats data to a

## Blog

- [Announcing Santa 2026.4](https://northpole.security/blog/santa-20264.md): Santa 2026.4 expands tamper resistance, changes clean sync semantics, adds silenceable device notifications, and continues security hardening.
- [Announcing Workshop 2026.3](https://northpole.security/blog/workshop-20263.md): Workshop v2026.3 introduces CEL fallback rules, risk engine plugin filters, Santa host metrics, and much more!
- [Announcing Santa 2026.3](https://northpole.security/blog/santa-20263.md): Santa 2026.3 adds encryption-aware removable media policies, CEL fallback rules for global enforcement, and significant performance improvements.
- [Introducing AI Chat for Workshop](https://northpole.security/blog/introducing-ai-chat-for-workshop.md): Workshop now ships an AI chat that answers natural-language questions about hosts, rules, events, and policies. Bring your own LLM API key.
- [Blocking OpenClaw](https://northpole.security/blog/blocking-openclaw.md): OpenClaw (formerly Clawdbot and Moltbot) is an autonomous AI agent for macOS. Here's how to block every version with layered Santa CEL rules.
- [Telemetry, Rebuilt](https://northpole.security/blog/telemetry-rebuilt.md): Export Santa’s incredible telemetry stream to Workshop and query it directly from the Workshop UI using regular SQL.
- [Announcing Workshop 2026.2](https://northpole.security/blog/workshop-20262.md): Workshop v2026.2 introduces Chat with Workshop, Ancestor-based CEL policies, improved Telemetry export & querying, and much more!
- [Announcing Santa 2026.2](https://northpole.security/blog/santa-20262.md): Santa 2026.2 adds process-tree-aware CEL rules, network monitoring and statistics, telemetry export filters, and several quality improvements.
- [Announcing Touch ID for Santa](https://northpole.security/blog/touchid-biometric-authorization.md): Santa now supports Touch ID verification before execution, so CEL rules can require a biometric check for sensitive operations like remote debugging.
- [Announcing Santa 2026.1](https://northpole.security/blog/santa-20261.md): Santa 2026.1 adds TouchID-gated execution, network mount blocking, a menu bar item for common tasks, co-branding, and many other improvements.
- [Announcing Workshop 2026.1](https://northpole.security/blog/workshop-20261.md): Workshop 2026.1 adds Package Rules, TouchID-gated execution, network mount blocking, and a range of usability and performance improvements.
- [Introducing Package Rules](https://northpole.security/blog/introducing-package-rules.md): Workshop's new Package Rules automate allowlist maintenance for Homebrew, npm, Cargo, and other package managers so developers never get blocked.
- [Advent Calendar: 25 Days of macOS Protection](https://northpole.security/blog/2025-advent-calendar.md): Santa Security Advent Calendar: 25 production-ready CEL and FAA rules inspired by real macOS malware like Atomic Stealer, one new rule each day.
- [A Private Sync Protocol for Workshop](https://northpole.security/blog/private-sync-protocol-for-workshop.md): A new, private sync protocol has been introduced for Workshop customers that allows for faster feature delivery and iteration.
- [One Year of North Pole Security](https://northpole.security/blog/one-year-of-north-pole-security.md): Join us as we reflect on North Pole Security's first year, highlighting our achievements, challenges, and the dedicated team behind our success.
- [We Raised $4M to Reimagine Endpoint Security](https://northpole.security/blog/north-pole-security-raises-4m-from-andreessen-horowitz.md): North Pole Security closes a $4M seed round led by Andreessen Horowitz to accelerate Workshop, our prevention-first endpoint platform for macOS.