Trying to capture file events on macOS
OS: Monterey
osquery table used: es_process_file_events
Flag used: --disable_endpointsecurity_fim=false
I am monitoring two directories, /tmp and /usr, but am not getting any file events from these folders. Surprisingly, I am getting events from /Library/Application\ Support, which I am not even monitoring. Has anyone faced a similar issue? Please help.