I really ^ want better control of options config. I want to be able to target options at labels, as well as platform, osquery version, kernel version.
Why labels? To target different types of systems (e.g., prod vs stg; AWS vs Azure, workstation vs server)
Why osquery version / kernel version? On Linux (< 4.18) or osquery < 4.16.0, enable process_events tables (and other audit options). On Linux 4.18+ & osquery 4.16.0+, enable bpf events in options and disable audit settings.
Currently - this sort of thing just can't be done in fleet, so I have to work around it by
not setting it at all through fleet and configuring through the flagfiles of systems. I'd much rather be able to control this through fleet!