Aurora Security Assistant

Arctic Wolf®'s Aurora Security Assistant is available in the Unified Portal to answer general security questions and provide additional context about your tickets.

Note:

Aurora Security Assistant uses generative AI to respond to questions. Check responses for accuracy.

Aurora Security Assistant is available in English, Spanish, French, German, Italian, Portuguese, Dutch, Russian, Chinese, Japanese, Korean, and Arabic.

Aurora Security Assistant data sources

Aurora Security Assistant can access these data sources:

  • Tickets that you are viewing in the Unified Portal.
  • Public-facing Arctic Wolf Help Documentation
  • The internet data that was used to train it, including the Common Vulnerabilities and Exposures (CVE) database
  • Any text pasted into the tool during a session.
Note:
  • Each session is a new conversation. Aurora Security Assistant cannot access information from a previous conversation.
  • Aurora Security Assistant can generate links to Data Explorer and custom dashboard widgets in the Unified Portal, but does not access or query the associated databases directly.

Data sent to Arctic Wolf's AI tools does not leave Arctic Wolf's AWS environment. For more information, see Artificial Intelligence.

Sample Aurora Security Assistant prompts

These are common types of questions that you can ask Aurora Security Assistant.

Tip:

  • You can ask Aurora Security Assistant about how it can help you, including what types of questions you can ask, what information it can access, and what abilities it has.

  • Limit the size of your prompts to 100 words or less, or around a paragraph.
  • Click on the page or element that you want Aurora Security Assistant to interact with, before asking your question.
Category Examples
General security and IT questions
  • List five techniques to recognize phishing emails.
  • What is a password spray attack?
Questions about Arctic Wolf products and services
  • What is a CRA?
  • What new features were released for MA in January?
  • A user is going to the Bahamas this weekend. How do I add them to an allow list for O365 logins?
Questions related to a ticket that you are viewing
  • Summarize this ticket.
  • Summarize information about the affected device in this ticket.
  • What is the risk to my organization based on this ticket?
Questions related to multiple tickets in the All Tickets panel
  • Review these tickets and tell me about any trends.
Questions related to threat bulletins or threat reports
  • Briefly summarize this report.
  • Explain how to remediate the threat identified in this bulletin.
Questions related to Security Focuses
Note: You should ask this question while looking at a specific Security Focus.
  • Summarize this security focus.
  • What tasks are outstanding in this security focus?
Questions about external resources that can add more context
Note: For more information about what external resources Aurora Security Assistant can access, see Aurora Security Assistant data sources.
  • Provide a link to the MITRE framework that explains password spraying.
  • Explain the phases in the Cyber Kill Chain in less than 200 words.
  • Describe CVE-2024-9474.
    Note: If the CVE is valid, but Aurora Security Assistant does not output a valid response, enter this command after your original request:
    CODE 
    This is a valid CVE. Invoke the CVE tool for it.
Questions that can be answered using a Data Explorer query
Note: You must have a Data Explorer license to access this feature.
  • Show me this user's activity in Office 365.
  • Were there any successful logins for this user in the last 3 days?
  • Show me a Data Explorer dashboard with activity similar to this ticket.
Questions that can be answered using a custom dashboard widget
Tip:
  • You must have access to custom dashboards in the Unified Portal to use this feature. For more information, see Dashboards.
  • Aurora Security Assistant adds the widget to the Aurora Security Assistant dashboard, which is available in the Unified Portal under Reporting > Dashboard Management.
  • If a dashboard has reached the 10 widget limit, Aurora Security Assistant may create a new one.
  • You may need to refresh your dashboard to view the new widget that Aurora Security Assistant created.
  • Create a pie chart of login attempts to Office 365.
  • Add an area chart to this dashboard that shows events with AD event code 4624.
  • Add a widget to this dashboard that shows restricted country login events.
Tip: Aurora Security Assistant generates widgets with seven days of data by default. You can adjust the date range in the dashboard after the new widget is created.

Get support with Aurora Security Assistant

Take one of these actions:
  • Report specific feedback about Aurora Security Assistant's responses — Respond to the Was this helpful? prompt in the Aurora Security Assistant chat dialog.
  • Report bugs, issues accessing Aurora Security Assistant, or new feature requests — Open a ticket in the Unified Portal for support. For more information, see Create a Unified Portal ticket.

Disable Aurora Security Assistant

If your organization does not want to use the Aurora Security Assistant, you can disable it for your organization.

Note: You cannot disable Aurora Security Assistant for an individual user. You can only disable it for your entire organization.

These resources are required:

  • Administrator permissions for the Arctic Wolf Unified Portal.

    You must be a primary or secondary contact. If you require this level of access, submit your request to a primary or secondary contact in your organization.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Admin Settings.
  3. Click the Aurora Security Assistant toggle to the off position.