Aurora Endpoint Security tenant configuration

You can create a new Aurora Endpoint Security tenant from the Arctic Wolf Unified Portal. For more information, see Add an Aurora Endpoint Security tenant.

When you create a new Aurora Endpoint Security tenant, or when you reset a tenant to the recommended default state, the tenant includes preconfigured zones and device policies that are designed to help you tune your environment to the desired security posture.

A new tenant, or a tenant that has been reset to the recommended default state, includes three preconfigured zones, one for each desktop OS (Windows, macOS, and Linux). These zones are configured to automatically assign new desktop devices to the appropriate OS zone. The preconfigured zones are assigned the stage 1 device policy.

A new or reset tenant includes three preconfigured device policies to control the features and functionality of Aurora Protect Desktop and Aurora Focus:
  • Stage 1 — The starter configuration that allows devices to listen for malware threats. Advanced policy settings are turned off. Use this policy in your environment first to observe the initial detections from devices and to configure the appropriate exceptions. When you are comfortable with the performance and impact of this policy, you can progress devices to the stage 2 policy.
  • Stage 2 — This policy enables the detection of a wider range of threats, including abnormal malware, unsafe scripts, and memory exploits. Assign this policy to a small number of devices to gauge the volume and frequency of detections and the level of investigation required. This allows you to refine the policy configuration before assigning it to more devices. When you are comfortable with the performance of this policy, you can progress devices to the stage 3 policy.
  • Stage 3 — This policy builds on stage 2 by adjusting settings so that devices can both listen for threats and take certain preventative actions. Use this device policy only after sufficient testing with the stage 2 policy, and only after applying the fine tuning from the stage 2 policy to this policy as well.

For more information about the complete configuration of each preconfigured policy, see Default Aurora Endpoint Security tenant settings.

As you test and evaluate the preconfigured zones and device policies, you can adjust the configuration as needed, including making changes to the preconfigured options or copying and modifying a zone or policy to determine the configuration that best suits your organization's environment.

Aurora Endpoint Security offers options that make it easier for you to configure additional new tenants that meet the needs of your organization. For more information, see Export, import, or reset the configuration of an Aurora Endpoint Security tenant.