Do we have any generic predicate/filter that we can use to block/alert on tampering with third-party applications, such as:

```bash
sudo rm -rf /Applications/xyz-example.app
```

I feel this could be a common use case for multiple organizations, and it would be helpful if we can add it to this repo.