Closed hardtolose closed 6 months ago
Hi, and thanks for your interest in Aurora Lite. Can you explain a bit more about what you're trying to achieve, as it's not very clear from your original message?
Also, as a side note: Aurora is an ETW-based agent that collects and processes ETW events from various providers and applies Sigma rules to them.
@hardtolose is this issue still relevant, or should I close this?
Closing this as stale.
I am making a lightweight Windows process monitoring demo, which can sense the start and end of processes in real time. I do not want to use an NT kernel-mode driver, nor ETW or WMI; they have a certain delay and work poorly for short-lived processes.
My colleague recommended that I look into Aurora. I tried it out, and it worked well.
Can you give me some advice or help with this problem?