# community-feeds
How to configure osquery with auditd

Who has expertise on how to work with osquery (or maybe you solved this problem): Based on articles like this one - https://blog.palantir.com/auditing-with-osquery-part-two-configuration-and-implementation-87a8bba0ef48 I understand osquery can be used in conjunction with auditd rules in auditd/audit.rules. However, when I try to change in osquery.flags...