11
Key Facts
- 100% Transparency: You always know exactly why a rule triggered and can adjust that rule to your needs. Every rule has descriptions and references that explain the author’s intentions. No machine learning magic that generates tons of false positives.
- Highly Customizable: Create and add your own rules and decide if AURORA should block certain activity. AURORA supports simulated blocks, offers a variety of pre-defined and custom response actions. Let AURORA report into your SIEM or your MDR service provider.
- Minimal Network Load and Storage Costs: As the matching happens on the endpoint, AURORA transmits only a fraction of the data that other EDRs generate and transmit to their backends. Usually you’ll see less than 1% of the usual network load and storage used by log data collected from AURORA agents.
Categories
Mobile security Network security Data center security Cloud (computing) security Endpoint security Intrusion detection / prevention Penetration tests Risk analysis and management Security management SIEM Security information and event management APT protection Anti-virus and malware protection Threat analysis Compliance / GRC (products and services) Computer emergency response team (CERT)
Product information
The AURORA Agent is a lightweight and customisable EDR agent based on Sigma. It uses Event Tracing for Windows (ETW) to recreate events that are very similar to the events generated by Microsoft’s Sysmon and applies Sigma rules and IOCs to them. AURORA complements the open Sigma standard with “response actions” that allow users to react to a Sigma match.
It is everything that other EDRs aren’t.
It is completely transparent and fully customisable due to the open Sigma rule set and configuration filesit saves 99% of the network bandwidth and storageit works completely on-premises, no data leaves your networkit can be configured to use only a limited amount of res ...Product Expert
