Event Filter Preference Keys

Domain

com.jamf.compliancereporter

KeyDescription
AuditEventExcludedProcesses
Excludes specific process paths based on the subject.process_name field from Compliance Reporter logs. Multiple values can be defined to filter third-party programs.
Important:

Do not use regular expressions or wildcards in file paths. Any child processes of the excluded parent process will also be excluded.

<key>AuditEventExcludedProcesses</key>
<array>
  <string>/usr/sbin/mDNSResponder</string>
  <string>/usr/sbin/syslogd</string>
  <string>/Applications/splunk/bin/splunk-optimize</string>
</array>
AuditEventLogVerboseMessages
When enabled and AuditLevel is configured for level 3, all Terminal, script, and other verbose events are included in the default log output. This is disabled by default.
Note:

Even when this setting is disabled, all privilege escalations and user impersonations are logged.

<key>AuditEventLogVerboseMessages</key>
<false/>