I know I have chatted with multiple people on this slack over the years about finding better ways to provide sysmon type filtering / features to osquery core.