Aurora Security Assistant

Arctic Wolf®'s Aurora Security Assistant is available in the Unified Portal to answer general security questions and provide additional context about your tickets.

Note:
  • Aurora Security Assistant is in beta. Some features are still in development and will be added during the beta period. For more information about joining the beta program, see Aurora Security Assistant Opt-In.
  • Aurora Security Assistant uses generative AI to respond to questions. Check responses for accuracy.

Aurora Security Assistant is available in English, Spanish, French, German, Italian, Portuguese, Dutch, Russian, Chinese, Japanese, Korean, and Arabic.

Aurora Security Assistant data sources

Aurora Security Assistant can access these data sources:

  • Tickets that you are viewing in the Unified Portal.
  • Public-facing Arctic Wolf Help Documentation
  • The internet data that was used to train it, including these skill-specific datasets:
    • The Common Vulnerabilities and Exposures (CVE) database
    • Microsoft Knowledge Base (KB) articles
  • Any text pasted into the tool during a session.
Note:
  • Each session is a new conversation. Aurora Security Assistant cannot access information from a previous conversation.
  • Aurora Security Assistant can generate links to Data Explorer and custom dashboard widgets in the Unified Portal, but does not access or query the associated databases directly.

Data sent to Aurora Security Assistant does not leave Arctic Wolf's AWS environment. For more information, see Artificial Intelligence.

Sample Aurora Security Assistant prompts

These are common types of questions that you can ask Aurora Security Assistant.

Tip:

  • You can ask Aurora Security Assistant about how it can help you, including what types of questions you can ask, what information it can access, and what abilities it has.

  • Limit the size of your prompts to 100 words or less, or around a paragraph.
  • Click on the page or element that you want Aurora Security Assistant to interact with, before asking your question.
Category Examples
General security and IT questions
  • List five techniques to recognize phishing emails.
  • What is a password spray attack?
Questions about Arctic Wolf products and services
  • What is a CRA?
  • What new features were released for MA in January?
  • A user is going to the Bahamas this weekend. How do I add them to an allow list for O365 logins?
Questions related to a ticket that you are viewing or related to multiple tickets in the All Tickets panel
  • Summarize this ticket.
  • Summarize information about the affected device in this ticket.
  • What is the risk to my organization?
  • Review these tickets and tell me about any trends.
Questions related to threat bulletins or threat reports
  • Briefly summarize this report.
  • Explain how to remediate the threat identified in this bulletin.
Questions related to Security Focuses
  • Summarize this security focus.
  • What tasks are outstanding in this security focus?
Questions about external resources that can add more context
Note: For more information about what external resources Aurora Security Assistant can access, see Aurora Security Assistant data sources.
  • Provide a link to the MITRE framework that explains password spraying.
  • Search for Microsoft Knowledge Base articles related to this ticket.
  • Explain the phases in the Cyber Kill Chain in less than 200 words.
  • Describe CVE-2024-9474.
    Note: If the CVE is valid, but Aurora Security Assistant does not output a valid response, enter this command after your original request:
    CODE 
    This is a valid CVE. Invoke the CVE tool for it.
Questions that can be answered using a Data Explorer query
Note: You must have a Data Explorer license to access this feature.
  • Show me this user's activity in Office 365.
  • Were there any successful logins for this user in the last 3 days?
  • Show me a Data Explorer dashboard with activity similar to this ticket.
Questions that can be answered using a custom dashboard widget
Tip:
  • You must have access to custom dashboards in the Unified Portal to use this feature. For more information, see Dashboards.
  • Aurora Security Assistant adds the widget to the AI Security Assistant dashboard, which is available in the Unified Portal under Reporting > Dashboard Management.
  • If a dashboard has reached the 10 widget limit, Aurora Security Assistant may create a new one.
  • You may need to refresh your dashboard to view the new widget that Aurora Security Assistant created.
  • Create a pie chart of login attempts to Office 365.
  • Add an area chart to this dashboard that shows events with AD event code 4624.
  • Add a widget to this dashboard that shows restricted country login events.
Tip: Aurora Security Assistant generates widgets with seven days of data by default. You can adjust the date range in the dashboard after the new widget is created.

Get support with Aurora Security Assistant

Take one of these actions:
  • Report specific feedback about Aurora Security Assistant's responses — Respond to the Was this helpful? prompt in the Aurora Security Assistant chat dialog.
  • Report bugs, issues accessing Aurora Security Assistant, or new feature requests — Open a ticket in the Unified Portal for support. For more information, see Create a Unified Portal ticket.