08/13/2019, 5:30 AM
welp, it took me 2+ weeks instead of 1 day, but I finally managed to finish some answers to @Matt Brown's questions about powershell, osquery and splunk. I have no idea if it's even helpful anymore, but oh well!


08/13/2019, 11:54 PM
Thanks for taking the time to think through this and write it up. I continue to have regular conversations around these issues - "I don't want multiple endpoint security/visibility agents, but it is not clear which one I should use.." In my circles, it is typically a discussion around osquery vs. OSSEC/Wazuh vs. Sysmon. I am hoping to put together a comparison blog post that walks through these a bit.
šŸ‘ 1