Audit filtering by parent process path

Hi, Using the Linux kernel audit system I audit program executions with the following audit rule. -w /usr/sbin/my-program -p x -k my-program-audit-class In order to keep the audit log clean I want to suppress executions of my-program if done by a defined set of applications given their path. Since the PPID is available in the audit log entry (type=SYSCALL), there might be some means to filter out by parent program path at the time the audit log is generated, however, I cannot find a solution, also not by looking at audit_filter_rules(). Introducing helper scripts to clean up audit.log by filtering out later on as well as distinguishing by user/group, security context are not my preferred options. Thank you, Simon