After almost half a year of development, we are pleased to announce the release of Aurora Lite, the free version of the Aurora Agent.
The Aurora Agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn’t require an additional kernel driver; instead, it uses the native Event Tracing for Windows (ETW). Additional detection modules, such as the “Cobalt Strike Beaconing Detector” or the “LSASS Dump Detector”, provide detection capabilities that exceed the scope of pure Sigma matching.
Aurora Lite is a limited but free version of the endpoint agent. It lacks some features, has no additional detection modules, and cannot be used with the convenient ruleset and configuration management in ASGARD Management Center. The complete list of limitations can be found here.
Regardless of these limitations, we believe that even the free version can compete with other commercial endpoint agents and provides similar detection coverage.
Captured Pre-Release Web Session
The slide deck shown in the recorded web session can be found here.
Slides 8 to 18 contain a quick start guide.