Aurora Agent Lite
The Aurora Agent is a lightweight and customisable EDR agent based on Sigma. It uses Event Tracing for Windows (ETW) to recreate events that are very similar to the events generated by Microsoft’s Sysmon and applies Sigma rules and IOCs to them. AURORA complements the open Sigma standard with “response actions” that allow users to react to a Sigma match.
It is everything that other EDRs aren’t.
- It is completely transparent and fully customisable due to the open Sigma rule set and configuration files
- It saves 99% of the network bandwidth and storage
- It works completely on-premises, no data leaves your network
- It can be configured to use only a limited amount of resources
We offer an enterprise and a "Lite" version, which is free of charge. The free version uses only the open source rule set, lacks comfort features and a central management.
Getting Started
To sart using Aurora, simply visit the official website here and request your copy.
Documentation with instruction on how to install and use the agent can be found here.