Research and Document Endpoint Monitoring/Protection

What good is security if you have no logs? No insight? No land to survey?
We should recommend a HIDS/SIEM like Wazuh for advanced users.
It is the only truly open-source and reasonably functional out-of-the-box one available currently.
The rest are merely source-available (Graylog/SecurityOnion/Elastic/etc.) or code dumps (AlienVault OSSIM).

We aren’t really geared towards enterprise recommendations at the moment; I wouldn’t want to spread ourselves too thin trying to tackle that demographic.