Cross platform, and the ability to filter the event log with osquery just cherry picking specific events from the event log instead of just forwarding everything on, and management with fleet. I don’t think it’s appropriate to say that ingesting a text log could be a privacy violation. Since when are company managed devices privacy oriented anyway? Even a users logon/logoff times could be deemed anti-privacy in that case. That is the most nonsense thing I have ever seen, it’s up to the company to create their privacy policy and such, and inform their users about what is monitored.