Endpoint detection and response (EDR) records critical activity on endpoints, such as process executions, command-line activity, running services, network connections, and file manipulation, in order to observe behaviors and flag suspicious ones that fall outside normal behavior.