Back to Integrations
Aurora
Active IntegrationEndpoint Detection & Response

Aurora

Introduced in BitLyft AIR® v1.25, the native Aurora integration expands endpoint detection and response capabilities with automated malware containment, global quarantine management, and new persistence and lateral movement detection policies.

4

Response Capabilities

2

Detection Policies

v1.25

Available Since

Native Endpoint Response via Aurora

The Aurora integration in AIR® v1.25 brings Aurora-protected endpoints into the full automated response loop. Endpoint visibility, policy management, quarantine decisions, and malware containment are all handled directly from within the AIR® platform — no platform switching required.

Two out-of-the-box detection policies — malware persistence and malware spread — provide immediate coverage for the highest-impact endpoint threat scenarios from day one.

Integration Capabilities

Automated Malware Containment

Endpoint response actions triggered automatically on detection — no analyst intervention required to contain active threats.

Global Quarantine & Allowlisting

Manage endpoint trust across the entire environment from within AIR®, applying quarantine or allowlist decisions globally.

Endpoint Investigation

Investigate and manage endpoint policy from within the AIR® interface during active incident response.

Policy Management

Configure and enforce Aurora endpoint policies centrally from within the AIR® platform.

Out-of-the-Box Detection Policies

Malware Persistence on Host

High

Detects malware maintaining a foothold on a host — a strong indicator that initial remediation was incomplete or that an advanced threat is actively persisting in the environment.

Security Impact

  • Advanced threats maintaining long-term access
  • Credential abuse tied to the compromised endpoint
  • Lateral movement from a host believed to be clean

Malware Spread

Critical

Identifies lateral movement across multiple systems, indicating active malware propagation. Each minute of delay increases the blast radius significantly.

Security Impact

  • Ransomware or worm-style propagation events
  • Mass isolation scenarios across multiple hosts
  • Threat reaching domain controllers or critical systems

Getting Started

1

Connect Aurora

Link Aurora to AIR® using the BitLyft AIR® Integration Keys system introduced in v1.25.

2

Activate Detection Policies

Enable out-of-the-box malware persistence and spread detection policies for your Aurora-protected environment.

3

Configure Response Actions

Map detection policies to automated containment, quarantine, or investigation actions.

4

Monitor & Respond

AIR® handles the response. Analysts receive case notifications with full context and actions taken.

See the full release notes

Aurora integration shipped in BitLyft AIR® v1.25 alongside expanded multitenancy and the AIR® Integration Keys system.

View v1.25 on the releases page

Extend automated response to your Aurora endpoints.

See how AIR® and Aurora work together to detect, contain, and respond to endpoint threats automatically.

Schedule a Demo