Brandon Mesa
07/27/2022, 5:40 PMsharvil
07/27/2022, 5:53 PMBrandon Mesa
07/27/2022, 6:00 PMsharvil
07/27/2022, 6:25 PMBrandon Mesa
08/02/2022, 3:42 PMsharvil
08/02/2022, 3:44 PMBrandon Mesa
08/02/2022, 3:45 PMsharvil
08/02/2022, 3:48 PMBrandon Mesa
08/02/2022, 3:51 PM"file_paths": {
"users_home": [
"/Users/%%/.ssh/%%"
],
"root_home": [
"/var/root/%%"
],
"configuration": [
"/private/etc/%%"
],
"binaries": [
"/usr/bin/%%",
"/usr/sbin/%%",
"/bin/%%",
"/sbin/%%",
"/usr/local/bin/%%",
"/usr/local/sbin/%%",
"/opt/bin/%%",
"/opt/sbin/%%"
],
"efi": [
"/System/Library/CoreServices/boot.efi"
],
"applications": [
"/Applications/%%",
"/Users/%%/Applications/%%"
]
},
Marcel Keßler
08/05/2022, 12:55 PMES_EVENT_TYPE_NOTIFY_OPEN
(probably so not too many events get generated? Or at least a whitelist would be needed first?)sharvil
08/05/2022, 1:15 PMES_EVENT_TYPE_NOTIFY_OPEN
, I do have plans to support and add it, but as you can imagine it’s a bit of a balancing act when it comes to performance and requires a bit of tuning, otherwise it would create a frustrating out of the box experience when folks would just do a select * from …
and watchdog killing and denylisting the query…--allow_open_events
so that folks can opt-in knowing that they will have to tune it and provide paths to mute, while also preserving the out of the box experienceMarcel Keßler
08/05/2022, 6:57 PM