ESET Protect & Inspect Cloud is an extremely powerful tool. From the administrator's point of view, a traditional anti-malware solution is relatively passive: it monitors your network for malware without requiring your intervention on a regular day-to-day basis. Sure, the admin's role is to deploy and configure such a solution and respond to emerging issues, but in the majority of cases, anti-malware solutions do the magic on their own, automatically.
As opposed to that, an XDR solution gives the administrator deep insight into all ongoing processes on every endpoint and server in real time, plus tools to respond to events that may be suspicious or unwanted in the network. Sure, a certain level of automation is necessary for managing a large database of events, based on the cloud reputation system (ESET LiveGrid) and built-in rules that simplify administration, but still, the admin has the decisive role in every process. You can keep an eye on executables, dependencies, registry keys, and network connections, all in one console. Anomalies are flagged with deep insight into what is going on in your network.
EPIC management is based on built-in rules and, later on, on your own custom rules and exclusions, defined in response to events that have occurred. There are over a thousand built-in rules, constantly updated by ESET engineers, that monitor ongoing processes. For example, in one case, EPIC informed me that one of my colleagues was using a nonstandard port in his Outlook. If the company policy doesn't allow that, I can intervene based on that information. If some app is trying to modify the Startup folder, you will be notified. If some process is trying to modify a standard registry key or create a new, previously unknown one, you will know the source, the possible malicious or benign causes, and all the other information you need to decide whether it's bad or not. If it's bad, you can kill the process, isolate or shut down the endpoint, and create a rule that will deal with it the next time it occurs. If it's OK, you can create an exclusion that ignores the case for that particular endpoint, a whole department, or the entire network. After a while, perhaps a month or two of actively monitoring your network, you will in practice have built a whitelist of allowed processes, and we all know how useful whitelisting is in IT security overall.
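To make the rule-plus-exclusion workflow above concrete, here is a small illustration in Python. It is an added example written for this page, not ESET's rule language or any EPIC export; the event fields, the three rules (Outlook on a non-standard port, a write into the Startup folder, a Run-key modification), the exclusion scopes (endpoint, department, network) and the sample events are all constructed assumptions. What it shows that the paragraph does not is the precedence logic: a match becomes an alert unless an exclusion for that same rule covers the event, suppressed matches are kept for audit, and the set of excluded (rule, process) pairs is what eventually forms your allowlist.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed, simplified event model (an assumption for this example, not
# EPIC's schema): every event carries the endpoint it came from, the
# department that endpoint belongs to, and the process responsible.
STANDARD_MAIL_PORTS = {25, 110, 143, 443, 465, 587, 993, 995}
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
RUN_KEY_PREFIXES = (
    "hkcu\\software\\microsoft\\windows\\currentversion\\run",
    "hklm\\software\\microsoft\\windows\\currentversion\\run",
)


@dataclass
class Rule:
    name: str
    severity: str
    matches: Callable[[dict], bool]  # predicate over a single event


@dataclass
class Exclusion:
    """Suppress `rule` for events inside one scope: a single endpoint, a whole
    department, or the entire network, optionally narrowed to one process."""
    rule: str
    scope: str                      # "endpoint" | "department" | "network"
    target: str = ""                # hostname or department name
    process: Optional[str] = None   # restrict the exclusion to this image name

    def covers(self, event: dict) -> bool:
        if self.process and event["process"].lower() != self.process.lower():
            return False
        if self.scope == "network":
            return True
        if self.scope == "department":
            return event["department"] == self.target
        if self.scope == "endpoint":
            return event["host"] == self.target
        raise ValueError(f"unknown exclusion scope {self.scope!r}")


# Hypothetical rules modelled on the cases described in the text.
RULES = [
    Rule("Outlook connecting on non-standard port", "medium",
         lambda e: e["type"] == "network"
         and e["process"].lower() == "outlook.exe"
         and e["dst_port"] not in STANDARD_MAIL_PORTS),
    Rule("File written to Startup folder", "high",
         lambda e: e["type"] == "file_write"
         and STARTUP_MARKER in e["path"].lower()),
    Rule("Autorun registry key modified", "high",
         lambda e: e["type"] == "registry"
         and e["key"].lower().startswith(RUN_KEY_PREFIXES)),
]


def evaluate(events, rules=RULES, exclusions=()):
    """Run every rule over every event. A match becomes an alert unless an
    exclusion for that rule covers the event; suppressed matches are returned
    too, so the analyst can audit what the exclusions are hiding."""
    alerts, suppressed = [], []
    for event in events:
        for rule in rules:
            if not rule.matches(event):
                continue
            hit = {"rule": rule.name, "severity": rule.severity,
                   "host": event["host"], "process": event["process"]}
            if any(x.rule == rule.name and x.covers(event) for x in exclusions):
                suppressed.append(hit)
            else:
                alerts.append(hit)
    return alerts, suppressed


def allowlist_from_triage(suppressed):
    """The (rule, process) pairs an analyst has chosen to exclude are, in
    effect, the allowlist of accepted behaviour built up during triage."""
    return sorted({(h["rule"], h["process"]) for h in suppressed})


# Constructed sample telemetry, in the order the sensor would report it.
SAMPLE_EVENTS = [
    {"type": "network", "host": "WS-042", "department": "sales",
     "process": "OUTLOOK.EXE", "dst_port": 8443},
    {"type": "network", "host": "WS-058", "department": "sales",
     "process": "OUTLOOK.EXE", "dst_port": 8443},
    {"type": "network", "host": "WS-058", "department": "sales",
     "process": "OUTLOOK.EXE", "dst_port": 993},
    {"type": "file_write", "host": "WS-017", "department": "finance",
     "process": "setup_tmp.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"type": "registry", "host": "WS-017", "department": "finance",
     "process": "setup_tmp.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "registry", "host": "WS-003", "department": "it",
     "process": "msiexec.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent"},
]

# Exclusions an analyst might create after triage (assumed, not a real policy):
# one endpoint is allowed Outlook on 8443; MSI installs may register an agent anywhere.
EXCLUSIONS = [
    Exclusion("Outlook connecting on non-standard port", "endpoint",
              target="WS-042", process="OUTLOOK.EXE"),
    Exclusion("Autorun registry key modified", "network", process="msiexec.exe"),
]

if __name__ == "__main__":
    alerts, suppressed = evaluate(SAMPLE_EVENTS, RULES, EXCLUSIONS)
    for a in alerts:
        print(f"ALERT [{a['severity']}] {a['rule']}: {a['process']} on {a['host']}")
    for s in suppressed:
        print(f"excluded: {s['rule']}: {s['process']} on {s['host']}")
    print("allowlist so far:", allowlist_from_triage(suppressed))
```

Note that the endpoint-scoped exclusion silences the Outlook hit on WS-042 only; the identical behaviour on WS-058 still alerts, which is exactly the distinction between "ignore it here" and "ignore it everywhere" that you make when you pick the exclusion's scope in the console.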