The AURORA Agent is a lightweight and customisable EDR agent based on Sigma. It uses Event Tracing for Windows (ETW) to recreate events that are very similar to the events generated by Microsoft’s Sysmon and applies Sigma rules and IOCs to them. Aurora complements the open Sigma standard with “response actions” that allow users to react to a Sigma match.
Management & Analysis
ASGARD Management Center allows you to configure, schedule and control scans on up to 25,000 endpoints per instance. It also features IOC management as well as many response functions, such as file or memory collection and custom playbooks to run any tool or command on your endpoints.