Bruh, I’ve used Linux for over 10 years. I run Arch on my laptop and have a homelab powered by Proxmox, Debian, and OPNSense. I don’t run any AV in my lab but do follow other security practices.
At work it’s a different story. Products like CrowdStrike also collect logs, scan for vulnerabilities, provide graphing and dashboarding capabilities, provide integrations into ticketing platforms for investigation and remediation by security teams, and more. AV is often required because Windows users can upload infected files to Linux-run SMB shares. Products like CrowdStrike often satisfy requirements set by cybersecurity insurance.
This is not simping, this is not Linux vs Windows. You just clearly have no experience in the enterprise Linux space and business security requirements.
He works at the CIA