AURA
Introduction
AURA is an automated awareness engine designed to run a continuous security awareness program without requiring manual campaign setup.
Administrators select topics, define target audiences, choose main courses, set validity periods, and define boosts frequency. Once activated, AURA continuously checks which users need which training and automatically sends the appropriate education based on their individual learning record.
Instead of launching recurring awareness campaigns, organizations configure the program once — and AURA maintains it automatically.
Relationship to Adaptive Phishing
AURA complements Adaptive Phishing:
AURA maintains knowledge through structured education.
Adaptive Phishing evaluates user behavior through ongoing simulations.
Together, they provide continuous education and continuous behavioral testing.
Program Configuration
Understanding these terms is essential to understanding AURA.
Topic
A cybersecurity subject (e.g., Phishing, Passwords, MFA).
AURA contains 18 predefined topics.
Course
The main learning material for a topic.
Awareness Boost
A short refresher sent after the course to reinforce knowledge.
Valid Course
A course that was completed and has not expired yet.
Valid Topic
A topic where the course is valid (boost not required for validity).
Resilience
A percentage score that shows how well a user is protected for a topic.
Reminder
Automatic follow-up email if a user has not completed assigned material.
Repeat Offender
A user who received at least one course for every topic and completed none.
For each awareness topic, administrators define:
The required Course
The Topic and Course validity period (when it expires)
The Boost (short reinforcement material such as videos, games, or short learning units)
How often Boosts should be sent
The target audience
This setup defines the organization’s structured awareness program.
Continuous Automated Education
After activation, AURA regularly checks all users and determines:
Who has not completed required Courses
Whose Courses validity has expired
Who is due to receive Boost content
Who has not engaged with previously assigned material
Based on this evaluation, AURA automatically sends the relevant course or booster to each user.
Education is assigned per user based on:
Completed Courses
Expiration status
Boost history
Outstanding requirements
No recurring manual campaign creation is required.
Courses Lifecycle Management
AURA continuously monitors courses validity and ensures:
Courses are reassigned when they expire
Users receive reminders when required
Training coverage remains up to date
This prevents awareness levels from degrading over time.
Risk & Progress Dashboard
AURA includes a dashboard providing visibility into:
Overall training completion rates
Completion per security awareness topic
Courses validity status
Boost delivery and engagement
Progress over time
Security officers can monitor awareness coverage across the organization and identify gaps.
Limitations in the Beta release
Content & Template Structure
Fixed structure of 18 predefined topics
Each topic includes 1 course and 2 boost templates (total: 54 templates)
All templates must be pre-installed in Lucy before AURA activation
Template usage is hard-coded in the AURA database
Administrators cannot:
Select alternative templates
Replace templates
Define custom topics
Attach custom templates to topics
Language Support
English only
All awareness materials are sent in English regardless of the user’s preferred language
This must be communicated clearly to multilingual customers
Deployment & Architecture
Designed to run exclusively on a VPS with internet access
Not compatible with on-premise Lucy deployments
Running multiple AURA instances connected to a single Lucy environment is not recommended and not fully tested
Supporting multiple clients would require separate VPS deployments
The current codebase is not optimized for large parallel instances with heavy recipient groups
Administration Constraints
Only one administrator account supported
No administrator management interface
Only one active AURA program instance can run per Lucy environment
Testing Constraints
Initial training assignments can be observed within a day
Boosts are triggered one month after course completion
Full course and boost flow testing requires extended time
Short test cycles are not practical
Last updated
Was this helpful?