I know I could exclude all msgtype CRYPTO_KEY_USER audit events, but would like to exclude just specific ones.
I would like to exclude ones for a specific UID, hostname, or IP.

There are many example of how to exclude specific files, directory events, or syscall events.

Can somebody suggest a way to suppress specific CRYPTO_KEY_USER events by UID, hostname, or IP?