welp, it took me 2+ weeks instead of 1 day, but I finally managed to finish some answers to @Matt Brown’s questions about powershell, osquery and splunk. I have no idea if its even helpful anymore, but oh well! https://blog.securelyinsecure.com/post/osquery-splunk-and-beyond/

Thanks for taking the time to think through this and write it up. I continue to have regular conversations around these issues - "I don't want multiple endpoint security/visibility agents, but it is not clear which one I should use.." In my circles, it is typically a discussion around osquery vs. OSSEC/Wazuh vs. Sysmon. I am hoping to put together a comparison blog post that walks through these a bit.