hey @alessandrogario - I’m looking over https://github.com/osquery/osquery/pull/5084 and I’ve noticed that the impl intentionally groups

accept

and

accept4

events under the same

accept

syscall. When looking at process_events, it looks like

vfork

and

fork

are handled separately; or rather seen as distinct. Did you have a specific reason in grouping accept{.4} or was this more just they seem like they would be handled the same, why split them up (also thank you!)