The audit socket will only allow one process to read from it so you cannot have both osquery and qualys. Also it's an all or nothing thing, i.e. you cannot enable process_events and disable FIM since they both depend on audit. One thing you can try is auditspd
https://linux.die.net/man/8/audispd which is a multiplexer. I've never tested it though.