Apple finally adds TCC events to Endpoint Security!
Since the majority of macOS malware circumvents TCC through explicit user approval, it would be incredibly helpful for any security tool to detect this — and possibly override the user’s risky decision. Until now the best (only?) option was to ingest log messages generated by the TCC subsystem. This approach was implemented in a tool dubbed Kronos, written by Calum Hall Luke Roberts (now, of Phorion fame). Unfortunately, as they note, this approach did have it drawbacks:

CVE-2024-29847 Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability.

Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.

EDR or Endpoint Detection and Response refers to an integrated endpoint security solution which continuously monitors end-point user's devices and try to prevent anomalies like Malware, Ransomware by using automated rule based response method.