A unified security platform that correlates signals across endpoints, networks, identity, and cloud; the security equivalent of agentic SRE.
XDR (Extended Detection and Response) is a category of security platform that pulls in telemetry from multiple security domains: endpoint detection (EDR), network detection (NDR), identity logs, cloud control plane, and email. It correlates them into a unified incident timeline. The 'extended' part is the cross-domain correlation: instead of an EDR alert for a phishing click and a separate NDR alert for unusual outbound traffic, XDR ties them into a single attack chain. Modern XDR pairs naturally with security automation (SOAR) for response.
Most security incidents involve more than one domain: credentials phished, then used from an endpoint, then pivoted across the network, then exfiltrated from a cloud bucket. Tools that only see one domain miss the chain. XDR is to security what AIOps is to operations: cross-domain correlation that turns a stream of disconnected alerts into a single incident a human can act on.
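The correlation step described above, as an added example that is not from the original page or from any vendor's product: alerts from different domains are linked when they share an entity (user, host) within a time window, and only groups spanning more than one domain are reported as incidents. The alert fields, entity naming and two-hour window are assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry); field names are assumptions.
ALERTS = [
    {"id": "a1", "domain": "email",    "ts": "2024-05-01T09:02:00", "entities": {"user:alice"}},
    {"id": "a2", "domain": "endpoint", "ts": "2024-05-01T09:10:00", "entities": {"user:alice", "host:wks-17"}},
    {"id": "a3", "domain": "network",  "ts": "2024-05-01T09:40:00", "entities": {"host:wks-17", "host:db-02"}},
    {"id": "a4", "domain": "cloud",    "ts": "2024-05-01T10:05:00", "entities": {"user:alice", "bucket:finance-exports"}},
    {"id": "a5", "domain": "endpoint", "ts": "2024-05-01T09:30:00", "entities": {"user:bob", "host:wks-40"}},
    {"id": "a6", "domain": "identity", "ts": "2024-05-03T14:00:00", "entities": {"user:alice"}},
]

def correlate(alerts, window=timedelta(hours=2)):
    """Group alerts that share an entity and fall within `window` of each other."""
    alerts = sorted(alerts, key=lambda a: a["ts"])
    times = [datetime.fromisoformat(a["ts"]) for a in alerts]
    parent = list(range(len(alerts)))  # union-find forest over alert indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if times[j] - times[i] > window:
                break  # sorted by time, so later alerts are further away still
            if alerts[i]["entities"] & alerts[j]["entities"]:
                parent[find(j)] = find(i)  # shared user/host: same chain

    groups = {}
    for i, a in enumerate(alerts):
        groups.setdefault(find(i), []).append(a)
    return list(groups.values())

def incidents(alerts, window=timedelta(hours=2)):
    """Keep only groups spanning more than one domain: the cross-domain chains."""
    return [g for g in correlate(alerts, window) if len({a["domain"] for a in g}) > 1]

if __name__ == "__main__":
    for inc in incidents(ALERTS):
        print(" -> ".join(f'{a["domain"]}:{a["id"]}' for a in inc))
```

The network alert `a3` shares no user with the email alert `a1`; it joins the chain only transitively through the endpoint alert `a2`, which is the link a single-domain tool would not see.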