At the risk of asking something completely stupid, does the Endpoint Security Agent replace Winlogbeats?
I've been shipping workstation / server MS event logs including Sysmon via Winlogbeats for a while now, and I think the new Endpoint Security Agent replaces that approach although it doesn't appear to be as easy to 'Discover' the underlying agent data.
Again. sorry if this is a stupid question. If someone could confirm it would be helpful. If the new endpoint agent doesn't replace, what's the overlap?
Thanks in advance.