Endpoint Detection and Response, or EDR, is a set of technologies designed to monitor, record, and display large sets of data related to activities occurring on endpoint systems. This data is collected in a centralized repository for review and analysis. Endpoint detection and response is primarily a forensic capability: it monitors for attacks as they occur and allows an analyst to triage post-exploitation activity to determine how a compromise occurred. If an active compromise is discovered, many EDR solutions include capabilities to quickly respond to and potentially recover from the malicious activity.