Approve updates to the Behavioral Detection Engine
Arctic Wolf Endpoint Defense can deploy dynamic updates to the MITRE techniques that power the Behavioral Detection Engine. When new or updated detection rules are deployed to your organization’s Aurora Endpoint Security tenant, they are automatically added to the MITRE techniques in your behavioral detection policies and sent to the Aurora Focus agent on devices. The new or updated rules respect your configuration of the MITRE techniques in each policy, but they operate in monitoring mode only: they can collect, use, and analyze telemetry data and generate alerts, but the agent will not execute automated responses for any new or updated detection rule until you manually accept it in the management console.
Automatic updates to the Behavioral Detection Engine do not change the behavior of an Aurora Focus sensor. Sensor changes are delivered only in new releases of the Aurora Focus agent. Automatic updates to the Behavioral Detection Engine and MITRE techniques change only how telemetry data is analyzed, used, and interpreted, so that potential threats are detected and isolated more accurately. The manual acceptance step ensures that automatic updates never disrupt business operations: the agent cannot execute automated responses for a new or updated detection rule until you have reviewed and accepted it.
- In the management console, on the menu bar, click Focus > Behavioral Detection Engine.
- If updates to detection techniques are available, you will see a notification at the top of the screen. Click View and Accept.
- Review the list of detection technique updates.
- Do any of the following:
  - To accept an individual update and enable automated responses for any associated detections, click Accept for that update.
  - To accept all updates and enable automated responses for all associated detections, click Accept All.