Feed
Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
selfgroup
sql
tls
uptycs
website
windows
zeek
zentral
zercurity
Powered by Linen
Title
#general
Jams
03/11/2021, 5:15 PM
Hi. What are the differences between the file_events and process_file_events table? For example, one table leverages inotify publisher while the latter table requires the Linux audit framework.
Mike Myers
03/11/2021, 5:38 PM
I see that the documentation on FIM is pretty out of date, it doesn't even mention process_file_events https://osquery.readthedocs.io/en/latest/deployment/file-integrity-monitoring/#file-integrity-monitoring-with-osquery
View count: 3
Join thread in Slack