How Aurora Protect Desktop collects and uses data

For complete information about this product, see the Aurora Endpoint Security docs.

Item

Data collection and use

Malware detection and remediation

  • Aurora Protect Desktop uses machine learning to analyze executable files to:
    • Prevent malware from executing on device endpoints
    • Conduct malware risk scoring
    • Classify malware
    • Improve the effectiveness of Arctic Wolf products
  • The collection of potentially malicious executable files is based on your configuration of the product. You can configure the product to allow or prevent the transfer of the following data:
    • Hostname
    • FQDN
    • IP address
    • MAC address
    • File owner
    • File path
    • Username
  • When a potentially malicious executable file is uploaded, it is transferred to the Aurora Protect cloud services (located in Northern Virginia, US) for scoring. These files are stored separately from your organization’s tenant, and any attribution data is de-identified prior to analysis.
  • Arctic Wolf does not share collected files with third parties.

Customer administrator information

Arctic Wolf collects the following information to deliver customer support:

  • First name
  • Last name
  • Email address
  • Phone number

Collection of endpoint data

Arctic Wolf collects and processes the following endpoint data to identify and protect the device from threats:

  • Device name
  • Hostname
  • FQDN
  • IP addresses
  • MAC addresses
  • Name of the user most recently logged in

Application inventory

Arctic Wolf collects the following application information to identify and protect customer endpoints against threats:

  • Application name
  • Version
  • Vendor name
  • Hot fixes installed
  • Installation date
  • Hostname
  • Username

Threat events

Arctic Wolf collects the following threat information to manage the resolution of detected events:

  • Threat details
  • Status
  • Date and time
  • Assigned user

Customer administrative login activity

Arctic Wolf collects the following customer login information to audit authentication activity and manage risks:

  • Login activity from administrators of a customer's tenant (including date and time)
  • User's unique identifier
  • User status
  • User account name

Data storage

  • Arctic Wolf uses the data described above to facilitate the performance of the license agreement under which Arctic Wolf’s services and products are offered. The data is shared only with necessary third-party services that are needed to fulfill the intended purpose of the services.
  • Arctic Wolf will not sell, lease, or otherwise distribute this information.
  • Endpoint data is removed at the end of the contract. Administrators can remove data using the management console.
  • Potentially malicious executables are retained indefinitely. No data is retained that can be used to associate the executable with an individual or organization.
  • The endpoint data that is collected is stored in one of the following subprocessors:
    • Amazon Web Services: Asia Pacific (Australia, Japan), Europe (Germany), North America (United States), South America (Brazil)
    • Databricks: Asia Pacific (Australia), Europe (Germany), North America (United States)
    • MessageBird (email address data only): United States

Data retention

| Personal data processed | Data retention period |
| --- | --- |
| Customer administration information | Personal data may be deleted upon request. |
| Endpoint data | All endpoint data is removed 30 days after the end of the contract. Data for inactive devices may be automatically removed based on customer configured policies. Customer administrators may also remove data through the console or provide instructions to customer support to remove endpoint data. |
| Potentially malicious portable executables and scripts | Data is de-identified and retained indefinitely. |
| Potentially malicious files uploaded through management console | Data is de-identified and retained indefinitely. |
| Application inventory | Data is removed 30 days after the end of the contract. |
| Threat events | Data is stored for up to 37 days. |
| Customer administrative login activity | Data is stored for 1 year. |
| Email delivery activity | Data is stored for 30 days. |