Which statement differentiates SIEM from EDR in cybersecurity operations?


Multiple Choice

Which statement differentiates SIEM from EDR in cybersecurity operations?

Explanation:
A SIEM gathers logs from many sources across the environment (firewalls, VPN gateways, servers, identity providers, applications, and often the EDR itself), normalizes them, and correlates and analyzes that data to detect security events and raise alerts. This cross-system visibility is what lets a security team see patterns that span multiple devices, applications, and networks rather than a single endpoint. EDR, by contrast, is endpoint-centric: an agent on each machine collects telemetry such as process creation, file and registry changes, and network connections on that host, and provides detection and response actions at that level, for example isolating the host from the network or killing a malicious process. The two are complementary, not competing; a SIEM commonly ingests EDR alerts as one more source. So the statement that describes SIEM as aggregating and analyzing logs for detection and alerting across systems best captures its role and how it differs from EDR. The other descriptions either misstate the scope (limiting SIEM to endpoints or reducing it to network traffic analysis) or overgeneralize (calling SIEM obsolete or describing it as mere log storage).
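The difference is easiest to see in code. The example below is added here and is not part of the original quiz page: it runs one brute-force-then-success rule twice over a constructed, already-normalized event stream (the records, hostnames and IPs are made up, and the function names are hypothetical). Evaluated per host, the way an endpoint agent sees the world, no machine crosses the failure threshold; evaluated over the aggregated stream, the way a SIEM sees it, the same rule fires and names every host the source probed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), already normalized to one schema
# the way a SIEM does after parsing VPN, web and mail server sources.
# Each host on its own sees only two failed logons from 203.0.113.7.
EVENTS = [
    {"ts": "2024-05-01T09:00:01", "host": "vpn-gw",  "src_ip": "203.0.113.7",  "user": "alice", "action": "auth_fail"},
    {"ts": "2024-05-01T09:00:09", "host": "vpn-gw",  "src_ip": "203.0.113.7",  "user": "bob",   "action": "auth_fail"},
    {"ts": "2024-05-01T09:01:15", "host": "web-01",  "src_ip": "203.0.113.7",  "user": "alice", "action": "auth_fail"},
    {"ts": "2024-05-01T09:01:22", "host": "web-01",  "src_ip": "203.0.113.7",  "user": "admin", "action": "auth_fail"},
    {"ts": "2024-05-01T09:02:40", "host": "mail-01", "src_ip": "203.0.113.7",  "user": "alice", "action": "auth_fail"},
    {"ts": "2024-05-01T09:02:47", "host": "mail-01", "src_ip": "203.0.113.7",  "user": "bob",   "action": "auth_fail"},
    {"ts": "2024-05-01T09:03:10", "host": "web-01",  "src_ip": "198.51.100.5", "user": "carol", "action": "auth_fail"},
    {"ts": "2024-05-01T09:04:05", "host": "web-01",  "src_ip": "203.0.113.7",  "user": "alice", "action": "auth_success"},
]

FAIL_THRESHOLD = 5          # failed logons from one source IP before a success is suspicious
WINDOW = timedelta(minutes=10)


def _parsed(events):
    """Convert ISO timestamps to datetimes and sort chronologically."""
    return sorted(
        ({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
        key=lambda e: e["ts"],
    )


def _bruteforce_then_success(events, threshold, window, scope):
    """Alert when >= threshold failures from one source IP inside the window
    are followed by a successful logon from that same IP."""
    alerts = []
    fails = defaultdict(list)  # src_ip -> failed-logon events still inside the window
    for e in events:
        ip = e["src_ip"]
        # forget failures that have aged out of the sliding window
        fails[ip] = [f for f in fails[ip] if e["ts"] - f["ts"] <= window]
        if e["action"] == "auth_fail":
            fails[ip].append(e)
        elif e["action"] == "auth_success" and len(fails[ip]) >= threshold:
            alerts.append({
                "scope": scope,
                "src_ip": ip,
                "user": e["user"],
                "landed_on": e["host"],
                "failures": len(fails[ip]),
                "hosts_probed": sorted({f["host"] for f in fails[ip]}),
            })
            fails[ip] = []
    return alerts


def endpoint_view_alerts(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """EDR-style evaluation: each host's agent only sees its own logons."""
    per_host = defaultdict(list)
    for e in _parsed(events):
        per_host[e["host"]].append(e)
    alerts = []
    for host, evs in per_host.items():
        alerts.extend(_bruteforce_then_success(evs, threshold, window, scope=host))
    return alerts


def siem_correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """SIEM-style evaluation: the same rule over the aggregated stream."""
    return _bruteforce_then_success(_parsed(events), threshold, window, scope="all-sources")


if __name__ == "__main__":
    print("per-host view:", endpoint_view_alerts(EVENTS))   # []
    print("SIEM view:    ", siem_correlate(EVENTS))         # one alert, three hosts probed
```

The `landed_on` field in the SIEM alert is the hand-off point to EDR: the correlation names the host the attacker finally logged into, and the endpoint tooling is what can then isolate that machine or terminate whatever the session spawned.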

