Channels
doorman
zercurity
infrastructure
code-review
queryhub
apple-silicon
carving
goquery
aws
querycon
golang
file-carving
fuzzing
help-proxy
darkbytes
process-auditing
general
windows
random
fleet-dev
tls
fim
zentral
zeek
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
community-feeds
Powered by
#general
Title
z
Zach Zeid
05/11/2020, 4:31 PM
or do you only enable a subset of audit events for things you truly care about (e.g.
process_event
)
c
clong
05/11/2020, 8:36 PM
it really depends on how busy the host will be and how many syscalls will be generated
and obviously the hardware specs of the host
z
Zach Zeid
05/11/2020, 8:37 PM
Is there a way I can understand the perf impact of enabling these?
5 Views
Post