Hi! Does anybody know how I can correctly set exclusions for process_events through auditd? As I know I can not do it via osquery configuration, correct me if I’m wrong. On some servers osquery cpu utilization is high because of lot of process syscalls.

Right, I am not aware of how you can use osquery to set granular exclusions within audit. vs. something like using Chef or another configuration tool or using the audit control tool to set the exclusions manually