I'm currently a master's student looking for an interesting thesis topic to write about. My initial approach was to write about endpoint visibility because, in times of DoH and DoT (solutions that honor the end user's privacy), it becomes a lot more difficult for blue teams to detect suspicious behaviour over the wire. Therefore I would like to focus on the endpoint, and on what is possible to detect there. I have heard a lot of good things about osquery; it helps a lot in regard to IT operations. But what would be the main security use cases for osquery to help blue teams detect threats in their environment/network? Can you maybe point me in the right direction, other than https://osquery.io/schema, to help me get an idea of what is possible? Many thanks in advance, cheers Theresa
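As an added illustration (not part of the original post, and not osquery project code) of the kind of endpoint-side detection the question is about, the following queries use tables from the public osquery schema (`processes`, `process_open_sockets`, `listening_ports`, `crontab`, `logged_in_users`) to surface host-local signals that never show up in DNS traffic at all. Column names are taken from the schema; the thresholds and the idea of running them as scheduled queries in an `osqueryd` pack are my own assumptions.

```sql
-- 1. Processes whose executable has been deleted from disk (on_disk = 0).
--    A binary that runs but no longer exists on the filesystem is a common
--    artifact of memory-resident tooling and is worth an alert on most fleets.
SELECT pid, name, path, cmdline, uid
FROM processes
WHERE on_disk = 0;

-- 2. Processes holding outbound sockets, joined to their binary path, so an
--    analyst can spot unexpected network-capable programs without any packet
--    capture. remote_port/remote_address are attributes of the socket table.
SELECT p.pid, p.name, p.path, s.remote_address, s.remote_port, s.protocol
FROM process_open_sockets AS s
JOIN processes AS p ON p.pid = s.pid
WHERE s.remote_port != 0
  AND s.remote_address NOT IN ('127.0.0.1', '::1', '0.0.0.0', '::');

-- 3. Listening ports mapped to the owning process, for baselining which
--    services a host is supposed to expose (differential scheduling in
--    osqueryd reports only newly appearing rows).
SELECT l.port, l.protocol, l.address, p.name, p.path
FROM listening_ports AS l
JOIN processes AS p ON p.pid = l.pid
WHERE l.port != 0;

-- 4. Persistence via cron: every scheduled command on the host, so a change
--    feed can flag new entries that an operator did not add.
SELECT path, command, minute, hour, day_of_month, month, day_of_week
FROM crontab;

-- 5. Interactive sessions, useful for correlating "who was logged in" with
--    the process and socket events above during an investigation.
SELECT user, host, tty, type, time
FROM logged_in_users;
```

The blue-team value comes less from any single query than from scheduling them with differential logging and shipping the results to a SIEM, so that a new row (a new listener, a new cron entry, a process with no backing file) becomes an event to triage rather than something to go and look for.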