Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
d
defensivedepth
05/21/2022, 3:30 PMf
fritz
05/24/2022, 12:58 PMSo cool @defensivedepth! Love seeing the culmination of your work on this! Happy to have been involved in any capacity 😊
🍻 1
z
zwass
05/25/2022, 5:50 PMExcited to see this published, though I haven't had a chance to look at it deeply yet. Have you found that filtering this way results in acceptable performance? I remember we had discussed the possibility of osquery doing more filtering at ingestion time.