Endpoint Detection and Response. Agent on each endpoint that records process activity and surfaces threats.
EDR is the category of endpoint security product that ships an agent to every workstation and server, records detailed process / network / file activity, runs behavioural detections locally, and forwards events plus alerts to a central console for analyst triage.
Common EDR products include CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne and Palo Alto Cortex XDR. CloudSigma rules targeting the Windows Sysmon and Linux auditd log sources work whether the underlying agent is a dedicated EDR or just the OS-native logging.