Hi there,
We have found that with the default config of the supplementary_events_subsystem set to auditd, CPU usage gets high on busier systems.
We manually set it to ebpf via the CLI when we detect this, but we would prefer to set it as a default from now on, as it reduces CPU usage by orders of magnitude in nearly every case, e.g.:
mdatp config ebpf-supplementary-event-provider --value enabled
We can manage most other settings via the mdatp_managed.json file, which we manage via Puppet, but it appears that supplementary_events_subsystem is not a value that can be managed at present? I certainly cannot find any documentation.