Good afternoon. I have a question around auditd and osquery. At my org they run qualys and on Linux qualys relays on auditd for its FIM capabilities. If I understand correctly osquery requires exclusive use of the audit netlink socket which is what qualys also uses for FIM. Is there a way for these two things to live happily on Linux. Yes we can use osquery for FIM and disable it in qualys but that is not the direction the powers that be choose. Instead if we use qualys FIM I fear we lose all the event tables.