Aurora Focus

Use this section of the console to review and explore the forensic data collected from Aurora Focus devices and to take action in response to threats.

See Analyzing data collected by Aurora Focus and Using Aurora Focus to detect and respond to events.

Detections

View and analyze the events detected by the Aurora Focus agent. Use the detections dashboard to review trends over time, the severity of different detections, and detailed information about each detection. See View and manage detections.

InstaQuery

Construct queries to analyze artifact data, discover indicators of compromise, and determine the prevalence of artifacts on devices. See Using InstaQuery and advanced query to analyze artifact data.

Advanced Query

Construct your own queries with EQL syntax for advanced threat-hunting. See Using InstaQuery and advanced query to analyze artifact data.

Focus Data

Request focus data to visualize and analyze the chain of events, and the associated artifacts and facets of those events, that resulted in a piece of malware or another security threat on a device. See View focus data.

Packages

Deploy custom or preconfigured packages to collect data from devices for further analysis. For example, you can run a process to collect browser data. See Deploy a package to collect data from devices.

Devices

View details and status information for all Aurora Focus devices. See View devices that are enabled for Aurora Focus.

Action History

Retrieve and review remote response logs and download files that Aurora Focus has identified as potential threats. See View and download files that Aurora Focus has retrieved.

Configurations

Configure detection rule sets and exceptions, create custom detection rules, and create packages and package playbooks. See Using Aurora Focus to detect and respond to events.