Aurora Agent User Manual
- 1. What is Aurora?
- 2. What is Aurora Lite?
- 3. Installation
- 4. Aurora Agent Dashboard
- 5. Usage
- 6. Configuration
- 7. Upgrading and Updating Aurora
- 8. Responses
- 9. Modules
- 10. Function Tests
- 11. Custom Signatures and IOCs
- 12. Aurora Agent Util
- 13. List of Event IDs
- 14. Debugging
- 15. Known Issues
- 16. Detection Gaps
- 17. Frequently Asked Questions
- 17.1. Why does Aurora use a lot of memory?
- 17.2. What's the impact of Sigma rule matching on the agent's performance?
- 17.3. Why does Aurora Lite use the newest rules while Aurora doesn't?
- 17.4. Why does Aurora generate two alerts for a single event?
- 17.5. How do I view the suppressed Sigma matches?
- 17.6. Why does the Event ID in the Windows Eventlog differ from the one in the Event Data?
- 17.7. Why does Aurora take so long to start?
- 17.8. Why doesn't Aurora report Registry matches?
- 18. Changelog