Using Aurora Focus to detect and respond to events

Note: In early 2025 the Behavioral Detection Engine was introduced as the new data collection and analysis engine that both powers and significantly enhances the capabilities of the Aurora Focus agent on your organization’s devices. The Behavioral Detection Engine replaces the previous method of detection rule sets that are detailed in this section. For information and instructions, see Transition Aurora Focus devices from detection rule sets to the Behavioral Detection Engine. The Behavioral Detection Engine is highly tuned to provide a more efficient experience that improves the accuracy of detections while reducing "alert noise", so it is the recommended mechanism going forward. Advance notice will be provided before detection rule sets are deprecated.

Aurora Focus uses the Context Analysis Engine (CAE) to analyze and correlate events as they occur on devices in near real time. The CAE logic is stored locally on the device, which allows the Aurora Focus agent to monitor and track malicious or suspicious activity even if the device is not connected to the Aurora Focus cloud services. You can configure Aurora Focus to take automated response actions when the CAE identifies certain artifacts of interest, providing an additional layer of threat detection and prevention to complement the capabilities of Aurora Protect Desktop.

You can customize the detection capabilities of Aurora Focus to suit the needs of your organization. You can create detection rule sets with your desired configuration of detection rules and responses, clone and modify existing detection rules or create your own custom rules, and create detection exceptions to exclude specific artifacts from detection.