Jon is doing alot of stuff around this topic 🙂 • Leveling Up with osquery for Workloads blog series • Leveling Up with osquery for Workloads: Identifying and Contextualizing Windows Logon Failures • Leveling Up with osquery for Workloads: Locating local administrator accounts (windows) • Leveling Up with osquery for Workloads: Determining Free Disk Space on Linux & macOS • Leveling up with osquery for Workloads: Check for weak authentication types (LM/NTLM)