docs: update some sections

NextronSystems · Dec 9, 2021 · 141ce8e · 141ce8e
1 parent c36664b
commit 141ce8e
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 10 deletions.
diff --git a/usage/installation.rst b/usage/installation.rst
@@ -1,6 +1,9 @@
 Installation
 ============
 
+Install Aurora
+--------------
+
 You can install the agent using the following command line from command line terminal that has been started "As Administrator".
 
 .. code:: winbatch

diff --git a/usage/usage.rst b/usage/usage.rst
@@ -16,13 +16,13 @@ An existing config file can be used with the respective flag.
 
 .. code:: winbatch
     
-    aurora-agent-64.exe -c my-config-file.yml
+    aurora-agent-64.exe -c agent-config-reduced.yml
 
 A typical command line that runs Aurora and prints messages and matches to the command line and the Windows ``Application`` eventlog looks like this:
 
 .. code:: winbatch 
 
-    aurora-agent-64.exe --minimum-level medium 
+    aurora-agent-64.exe --minimum-level low
 
 Run Aurora as Service
 ---------------------

diff --git a/usage/what-is-aurora.rst b/usage/what-is-aurora.rst
@@ -5,7 +5,6 @@ What is Aurora?
 - It uses Event Tracing for Windows (ETW) to subscribe to certain event channels.
 - It extends the Sigma standard with so-called "response actions" that can get executed after a rule match
 - It supports multiple output channels: the Windows Eventlog, a log file and remote UDP targets
-- 
 
 What is Aurora Lite? 
 --------------------
@@ -14,11 +13,11 @@ Aurora Lite is our free version of Aurora which is free for private and commerci
 
 It has a few technical limitations, doesn't use our private Sigma rule set, lacks resource control features and special modules. 
 
-Additional features in the full version:
+Features and services that are not included in the Aurora Lite version:
 
-- Comfortable Aurora Agent and Sigma rule management via ASGARD Management Center
-- Additional detection modules (not Sigma-based; e.g. Cobalt Strike beaconing, LSASS dumping)
-- Nextron Sigma rule feed 
-- Encrypted Sigma rules (protect rules from spying eyes or the AV)
-- Log output rate throttling 
-- CPU load limiting
+- No comfortable Sigma rule management via ASGARD Management Center
+- No additional detection modules (non-Sigma-based detection; e.g. Cobalt Strike beaconing, LSASS dumping)
+- No private Nextron Sigma rule feed 
+- No encrypted Sigma rules (protect rules from spying eyes or the AV)
+- No UDP/TCP Output
+- Only 2 rules with response actions allowed