This option is visible only to users who have Aurora Focus enabled. Aurora Focus events represent malicious or suspicious events detected by the Aurora Focus Context Analysis Engine (CAE). Selecting this option will send a message to the syslog server whenever an applicable Aurora Focus detection rule or threat detection module is triggered on an Aurora Focus device. Selecting this option will enable syslog messages for the following detection event types: process events, file events, registry events, network events, and memory events.

Due to the volume of information included in Aurora Focus detection events, the syslog representation of a detection event is reduced in size, and it does not contain the full set of information that is available from the management console or the API.