1. What is Aurora?
Aurora is a lightweight endpoint agent that applies Sigma rules and IOCs on local event streams
It uses Event Tracing for Windows (ETW) to subscribe to certain event channels
It extends the Sigma standard with so-called "response actions" that trigger after a rule match
It writes its own events to various outputs: the Windows Eventlog, a log file and remote UDP/TCP targets
1.1. What is Aurora Lite?
Aurora Lite is our free version of Aurora which is free for private and commercial use. The only limitation defined in the TOS is that it cannot be sold or used as part of a paid service. We offer special licensing options for managed detection service providers.
Features and services that are not included in the Aurora Lite version:
No comfortable Sigma rule management via ASGARD Management Center
No additional detection modules (non-Sigma-based detection; e.g. Cobalt Strike beaconing, LSASS dumping)
No private Nextron Sigma rule feed
No private Nextron IOC rule feed
No encrypted Sigma rules (protect rules from spying eyes or the AV)
Only 5 rules with response actions allowed
For more details see the description on our web site.