I began asking myself if the system module which handles stuff like login, packages, etc. actually obsoletes some of my auditd rules? Or do they only the same thing but in a different manner?
My rules that I am deploying are auditing some files and folders and a lot of SYSCALLS. The documentation of each element in the system module haven't a lot on info on that what's actually running behind the scenes. But maybe that's a system of the fact that those are still Beta.