EDR System Tray
The EDR system tray application gives endpoint users a lightweight interface for monitoring their endpoint's security status. Built with iced (Rust), it runs with a minimal resource footprint and shows status information at a glance.
Features
Status Indicator
- 🟢 Green: Endpoint is healthy, sensor is connected
- 🟡 Yellow: Warning state (degraded, missed heartbeat)
- 🔴 Red: Critical state (isolated, threats detected)
Popup Window
Click the tray icon to see:
- Sensor connection state
- Last heartbeat time
- Active alerts count
- Current risk score
- Isolation status
Quick Actions
- Collect Triage: Trigger a forensic snapshot
- Check for Updates: Check for sensor updates
- View Status: Open the full status window
Notifications
The tray app shows Windows/Linux toast notifications when:
- A threat is detected on the endpoint
- The endpoint is isolated
- The sensor connection is lost
- An update is available
Technical Details
- Framework: iced (Rust, GPU-accelerated)
- Resource footprint: <20MB RAM, <1% CPU
- Communication: Local gRPC to sensor daemon on 127.0.0.1:9091
- Platform: Linux (GTK tray), Windows (Win32 notify icon)
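The tray-to-sensor channel above is meant to be reachable only on loopback. The following check confirms that on a Linux endpoint. It is an added example, not part of the EDR package; it assumes iproute2's `ss` is available, and `check_loopback_only` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not project code). check_loopback_only is a hypothetical helper.
# Reads `ss -H -ltn` output on stdin and inspects every listener on PORT.
# Exit status: 0 = loopback only, 1 = a non-loopback bind exists, 2 = no listener.
check_loopback_only() {
    awk -v port="$1" '
    {
        s = $4                                       # "Local Address:Port" column
        i = length(s)
        while (i > 0 && substr(s, i, 1) != ":") i--  # last colon splits addr and port
        if (i == 0 || substr(s, i + 1) != port) next
        addr = substr(s, 1, i - 1)
        sub(/%.*/, "", addr)                         # drop interface suffix such as %lo
        seen = 1
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./)
            print "ok      " addr ":" port
        else {
            print "EXPOSED " addr ":" port
            bad = 1
        }
    }
    END { exit (seen ? (bad ? 1 : 0) : 2) }'
}

# Constructed sample input: the expected loopback bind, an IPv6 wildcard bind
# on the same port, and an unrelated listener.
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:9091 0.0.0.0:*
LISTEN 0 4096 [::]:9091 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | check_loopback_only 9091 || echo "check status: $?"

# Live use on an endpoint:
#   ss -H -ltn | check_loopback_only 9091
```

A status of 1 means the port is bound to a wildcard or routable address and is reachable from the network; a status of 2 means the sensor daemon is not listening on that port at all.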
Installation
The system tray is bundled with the EDR sensor package. It starts automatically on user login.
Linux
# The tray app is installed alongside the sensor
systemctl --user enable aurorasoc-edr-tray
systemctl --user start aurorasoc-edr-tray
Windows
The tray app is registered as a startup application during sensor installation.