I saw that I can read OpenBSM audit logs with osquery, so if I understand correctly, osquery knows how to decode OpenBSM auditd logs?
If yes, is there a little explanation about it? I want to integrate it with Wazuh, so the flow will be something like:
OS command - OpenBSM audit catches that command - osquery reads it and puts it in human-readable format in the results log - Wazuh takes that log and forwards it to the manager (SIEM)