I was just reading the following blog post....
As of OneAgent version 1.175, we strongly suggest that existing customers plan a re-deployment of their OneAgents for Linux so that they all operate in non-privileged mode and deploy all new OneAgents in this mode as soon as possible. For further details, see the complete instructions.
Going forward, we’ll change the OneAgent installer to default to non-privileged mode for all new installations.
Open questions around this:
CC: @Bartek S.
Audit logs in SaaS 6 Answers