{"id":12441,"date":"2022-04-04T13:37:16","date_gmt":"2022-04-04T11:37:16","guid":{"rendered":"https:\/\/www.nextron-systems.com\/?p=12441"},"modified":"2024-04-12T16:33:27","modified_gmt":"2024-04-12T14:33:27","slug":"aurora-lite-agent-v1-0-release","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/","title":{"rendered":"Aurora Lite Agent v1.0 Release"},"content":{"rendered":"

[et_pb_section fb_built=”1″ _builder_version=”4.16.0″ _module_preset=”default” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite.<\/span><\/p>\n

The Aurora agent is a Sigma<\/a>-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn’t require an additional kernel driver but uses the native Event Tracing for Windows (ETW). <\/span>Other detection modules<\/span><\/a>\u00a0like the “Cobalt Strike Beaconing Detector” or the “LSASS Dump Detector” provide detection capabilities that exceed the scope of pure Sigma matching.\u00a0<\/span><\/p>\n

Aurora Lite is a limited but free version of the endpoint agent. It lacks some features, has no additional detection modules, and cannot be used with the comfortable ruleset and configuration management in\u00a0<\/span>ASGARD Management Center<\/span><\/a>. The complete list of limitations can be found\u00a0<\/span>here<\/span><\/a>.<\/span><\/p>\n

Regardless of these limitations, we believe that even the free version can compete with other commercial endpoint agents and provides similar detection coverage.\u00a0<\/span><\/p>\n

[\/et_pb_text][et_pb_text _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Captured Pre-Release Web Session<\/h2>\n

[\/et_pb_text][et_pb_video src=”https:\/\/youtu.be\/qUAhkyIax3k” _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_video][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.16.0″ _module_preset=”default” custom_padding=”27px|||||” global_colors_info=”{}”][et_pb_column type=”2_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Slide Deck<\/h2>\n

The slide deck shown in the recorded web session can be found here<\/a>.<\/p>\n

Slides 8 to 18 contain a quick start guide.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-04-at-10.54.15.png” title_text=”Screenshot 2022-04-04 at 10.54.15″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”2_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Online Manual<\/h2>\n

The Aurora Agent online manual can be found under this link<\/a>.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-04-at-10.50.39.png” title_text=”Screenshot 2022-04-04 at 10.50.39″ url=”https:\/\/aurora-agent-manual.nextron-systems.com\/en\/latest\/index.html” url_new_window=”on” _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_column type=”2_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”]<\/p>\n

Product Page and Download<\/h2>\n

You can find the Aurora Agent product page and the download links here<\/a>.<\/p>\n

[\/et_pb_text][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-04-at-10.49.29.png” title_text=”Screenshot 2022-04-04 at 10.49.29″ url=”https:\/\/www.nextron-systems.com\/aurora\/” url_new_window=”on” _builder_version=”4.16.0″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite. The Aurora agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn’t require an additional kernel driver but uses the native Event Tracing for Windows (ETW). Other detection modules\u00a0like the “Cobalt Strike Beaconing Detector” or the “LSASS Dump Detector” provide detection capabilities that exceed the scope of pure Sigma matching.\u00a0 Aurora Lite is a limited but free version of the endpoint agent. It lacks some features, has no additional detection modules, and cannot be used with the comfortable ruleset and configuration management in\u00a0ASGARD Management Center. The complete list of limitations can be found\u00a0here. Regardless of these limitations, we believe that even the free version can compete with other commercial endpoint agents and provides similar detection coverage.\u00a0Captured Pre-Release Web SessionSlide Deck The slide deck shown in the recorded web session can be found here. Slides 8 to 18 contain a quick start guide.Online Manual The Aurora Agent online manual can be found under this link.Product Page and Download You can find the Aurora Agent product page and the download links here.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[670,749,46,87,272],"tags":[650,669,544,77,620,82,311,59],"class_list":["post-12441","post","type-post","status-publish","format-standard","hentry","category-aurora","category-homepage","category-newsletter","category-security-monitoring","category-video","tag-aurora","tag-aurora-agent","tag-edr","tag-endpoint","tag-etw","tag-ioc","tag-monitoring","tag-sigma"],"yoast_head":"\nAurora Lite Agent v1.0 Release - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"Aurora Lite Agent v1.0 Release\",\"datePublished\":\"2022-04-04T11:37:16+00:00\",\"dateModified\":\"2024-04-12T14:33:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/\"},\"wordCount\":648,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"Aurora\",\"Aurora Agent\",\"EDR\",\"endpoint\",\"ETW\",\"ioc\",\"monitoring\",\"Sigma\"],\"articleSection\":[\"Aurora\",\"Homepage\",\"Newsletter\",\"Security Monitoring\",\"Video\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/\",\"name\":\"Aurora Lite Agent v1.0 Release - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2022-04-04T11:37:16+00:00\",\"dateModified\":\"2024-04-12T14:33:27+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Aurora Lite Agent v1.0 Release - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"Aurora Lite Agent v1.0 Release","datePublished":"2022-04-04T11:37:16+00:00","dateModified":"2024-04-12T14:33:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/"},"wordCount":648,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["Aurora","Aurora Agent","EDR","endpoint","ETW","ioc","monitoring","Sigma"],"articleSection":["Aurora","Homepage","Newsletter","Security Monitoring","Video"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/","url":"https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/","name":"Aurora Lite Agent v1.0 Release - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2022-04-04T11:37:16+00:00","dateModified":"2024-04-12T14:33:27+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2022\/04\/04\/aurora-lite-agent-v1-0-release\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/12441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=12441"}],"version-history":[{"count":16,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/12441\/revisions"}],"predecessor-version":[{"id":12550,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/12441\/revisions\/12550"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=12441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=12441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=12441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}