I was curious to why the process_events table has a field for auid but the processes table doesn't. Anyone have some insight?

The processes table parses the /proc filesystem like ps does to enum the processes. The eventing table listens to events from the kernel audit subsystem like auditd does.

Awesome, thank you Tony