Aurora Focus: Behavioral Detection Engine detection rules

Download the latest Aurora Focus Behavioral Detection Engine detection rules spreadsheet for a list of the rules and a short description of each. You can search the spreadsheet for information about each rule, such as its severity, applicable OS platforms, and associated MITRE tactics and technique references.

Last updated: April 15, 2026

Arctic Wolf Help Documentation
© 2026 Arctic Wolf Networks Inc. All Rights Reserved.