EDR architecture
To identify advanced threats and in-progress attacks, EDR requires hardware and operating system data. Some of the raw data is processed locally, while machine learning algorithms in the Security Analytics, perform more complex tasks.
EDR contains two major components:
The EDR Sensor, which collects process data, and reports endpoint and application behavior data.
The Security Analytics, a backend component used to interpret metadata collected by the EDR Sensor.