Threat detection and response refer to the set of capabilities, processes and technologies that monitor indicators of compromise or malicious activity, analyze them for severity and context, and enable timely mitigation or containment. In practice, it spans the lifecycle of an attack: detection, investigation, containment, remediation, and recovery. Organizations deploy a threat detection platform (or solution) to collect telemetry across endpoints, networks and logs; apply analytics (behavioural, statistical, and threat-intelligence driven); generate alerts or findings; and trigger response actions.