splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0

Add TA-aurora to AR #659

Closed ccl0utier closed 2 years ago

ccl0utier commented 2 years ago

We should look into deploying TA-aurora as part of Attack Range when the Aurora EDR agent is configured (install_aurora_agent = 1).

Deploying it after the fact manually is not as practical given that the TA has index-time extractions.

We should use the updated TA here (version 0.2.0, which should be available very shortly) and make sure to rename any inputs for it to use the updated sourcetype nextron:aurora:edr.

P4T12ICK commented 2 years ago

This is done.