Aurora is a lightweight endpoint agent that applies Sigma rules and IOCs directly to Windows system events reconstructed from Event Tracing for Windows (ETW). Unlike traditional logging tools or Sysmon, Aurora subscribes to raw ETW streams and transforms them into...