Security agent tuning

I have the agent running on some Linux servers and it generates about 15M process events within a 24-hour period. Is there a way to tune this, as it consumes a lot of storage with data that is not very useful?

Also, are there documents detailing the recommendations for detection rules?

Hi @Dan_Kennedy, there isn't currently a way to selectively disable Endpoint Security process events, but we do understand the pain you feel and appreciate your feedback to help us prioritize future improvements. I should say, I assume Endpoint Security was installed and process events were enabled, correct?


Yes, it was installed with process events, and it makes up the vast majority.

See the screenshot below
