Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Powered by
Title
z
Zach Zeid
05/11/2020, 4:31 PM
or do you only enable a subset of audit events for things you truly care about (e.g.
process_event
)
c
clong
05/11/2020, 8:36 PM
it really depends on how busy the host will be and how many syscalls will be generated
and obviously the hardware specs of the host
z
Zach Zeid
05/11/2020, 8:37 PM
Is there a way I can understand the perf impact of enabling these?
5 Views
#general
Join Slack