Is anyone aware of a good article on the various osquery flags needed to do process and file monitoring on Linux and Mac? There are a few in play, and with the addition of the BPF tables I'd love to know best practices -- do we still need to register for auditd, or do the BPF tables not yet cover things like file_events etc.?