Anyone know if there's a particular reason AUE_ACCEPT events aren't captured on macOS in OpenBSM subsystem in

socket_events

table [code ref]? Would like to be able to look out for even short lived connections to locally running servers (vs querying process open sockets on a schedule will miss these), and curious if there's some other workaround to easily collect these events besides osquery