Thanks for taking the time to think through this and write it up. I continue to have regular conversations around these issues - "I don't want multiple endpoint security/visibility agents, but it is not clear which one I should use.." In my circles, it is typically a discussion around osquery vs. OSSEC/Wazuh vs. Sysmon. I am hoping to put together a comparison blog post that walks through these a bit.