NCAE Mapping Hub
Security+ · 4.0 Security Operations

EDR (Endpoint Detection and Response)

Host-based software that monitors for suspicious process behavior, file changes, and network connections, and allows remote response (isolate the host, kill a process, quarantine a file, etc.).

How this shows up at NCAE

Enterprise EDR products are too heavy for competition, but open-source Falco (rules over kernel syscall events) and Wazuh (agent-based HIDS with active response) are EDR-light. CCRI's `service-watch.sh` is the homegrown equivalent: it uses inotify to catch file changes on the host and react to them from a script.
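What a homegrown inotify watcher looks like end to end, as an added example (this is not CCRI's `service-watch.sh`, whose internals the page does not show): detection comes from `inotifywait` events, the decision is a small event-to-action table, and the response is restoring a known-good copy and logging it. The baseline directory, log file, watched paths and the `--watch` flag are all assumptions made for the example; it assumes inotify-tools and `sha256sum` are installed.

```shell
#!/bin/sh
# Added example of a homegrown, inotify-driven EDR-style watcher.
# NOT CCRI's service-watch.sh. Assumptions: inotify-tools (inotifywait) is
# installed, known-good copies live under BASELINE_DIR mirroring the real
# path, and the watched paths / log file below are placeholders.
set -u

BASELINE_DIR="${BASELINE_DIR:-/var/lib/service-watch/baseline}"  # assumed: $BASELINE_DIR/etc/ssh/sshd_config
LOG_FILE="${LOG_FILE:-/var/log/service-watch.log}"               # assumed
WATCH_PATHS="${WATCH_PATHS:-/etc/ssh/sshd_config /etc/passwd /etc/sudoers /var/www/html}"  # assumed

log() { printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$LOG_FILE"; }

# SHA-256 of a file; empty string when it is missing, so a deleted file never matches its baseline.
file_hash() {
  if [ -f "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo ""; fi
}

# Map an inotifywait event list ("MODIFY", "DELETE", "CREATE,ISDIR", ...) to a response.
# Content/attribute changes and deletions are reverted; new objects are only reported,
# because there is no baseline to restore them from.
classify_event() {
  case "$1" in
    *DELETE*|*MOVED_FROM*|*MODIFY*|*CLOSE_WRITE*|*ATTRIB*) echo RESTORE ;;
    *CREATE*|*MOVED_TO*) echo ALERT ;;
    *) echo IGNORE ;;
  esac
}

# Compare a watched file with its baseline copy and put the baseline back if it drifted.
# Prints UNCHANGED, RESTORED or NO_BASELINE. Caveat: the hash catches content changes
# and deletions; a permission-only change (chmod) classifies as RESTORE but reads UNCHANGED here.
check_and_restore() {
  path="$1"
  base="$BASELINE_DIR$path"
  if [ ! -f "$base" ]; then echo NO_BASELINE; return 0; fi
  if [ "$(file_hash "$path")" = "$(file_hash "$base")" ]; then echo UNCHANGED; return 0; fi
  cp -p "$base" "$path"
  echo RESTORED
}

# Handle one line of `inotifywait --format '%w%f %e'` output: "<path> <events>".
# Prints the outcome; the log file is the audit trail for the incident write-up.
handle_line() {
  path="${1%% *}"
  events="${1#* }"
  case "$(classify_event "$events")" in
    RESTORE)
      result="$(check_and_restore "$path")"
      log "$events $path -> $result"
      echo "$result" ;;
    ALERT)
      log "NEW $path ($events)"
      echo ALERT ;;
    *) echo IGNORE ;;
  esac
}

# Detection loop: -m keeps inotifywait running, -r recurses into directories,
# -e narrows the mask so OPEN/ACCESS noise never reaches the handler.
watch_loop() {
  # shellcheck disable=SC2086  # WATCH_PATHS is deliberately word-split
  inotifywait -m -r -q -e modify,attrib,close_write,create,delete,moved_to,moved_from \
      --format '%w%f %e' $WATCH_PATHS |
  while IFS= read -r line; do
    handle_line "$line"
  done
}

# Only start watching when invoked as `service-watch-lite.sh --watch` (assumed flag),
# so the functions can also be sourced and exercised on their own.
if [ "${1:-}" = "--watch" ]; then watch_loop; fi
```

Seed the baseline once from a host you trust (`cp -a` the critical paths under `BASELINE_DIR` right after hardening), then run the script under a systemd unit or `nohup` so it survives your session. The restore-on-change loop is deliberately blunt: it will also revert your own legitimate edits unless you update the baseline first, which is the same trade-off a real EDR's auto-remediation makes.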