Product Features

Automating Cloud Acquisitions With Magnet AUTOMATE

We’re excited to announce that automated cloud acquisitions are available in Magnet AUTOMATE workflows!

AUTOMATE supported the processing of cloud images that were acquired using Magnet AXIOM Cyber. With this new capability—the acquisition of cloud data using automated workflows—you can eliminate even more of the manual steps required to collect the cloud data you need for your DFIR investigations.

This is excellent news as cloud-stored data is even more prevalent than ever. A staggering 90% of large enterprises have adopted a multi-cloud infrastructure, with a significant increase in 2020 due to the rise in the need for remote work. Additionally, 60% of the world’s corporate data is stored in the cloud.

Four Key Benefits of DFIR Workflow Automation and Automating Cloud Acquisitions 

Let’s start with the main reason why we’re excited to be able to automate cloud acquisitions and then cover some benefits of automation that we hear from our customers:

Remove (Even More) Manual Touchpoints to Accelerate Investigations

By automating cloud acquisitions, you can remove more of the manual steps associated with acquiring data, which can save time during investigations. You only need to set up workflows once with preset parameters, and upon case creation simply enter stored credentials to configure a cloud workflow. Once you click “Start Workflow,” automation will handle the collection, processing, and export. You don’t need to touch the case again until it’s ready for your analysis.

A diagram showing an HR workflow in Magnet AUTOMATE Enterprise: First a service ticket from HR management triggers the workflow and AUTOMATE Enterprise collects the remote computer. After that, two branches occur. The first is a collection of Office365 Inbox, which is processed with AXIOM Cyber, searched for keywords, a report is generated, the report is dumped to a folder, a PowerShell script is triggered, and the report is uploaded to S3 Bucket. The second is a process with AXIOM Cyber for triage search, then a timeline search, the case is copied to central storage, and a Slack alert is triggered.
Figure 1: An example of an Employee Exit workflow. It is initiated by service ticket from an HR management solution triggering a workflow in AUTOMATE. The new cloud acquisition feature automatically collects an O365 Inbox and processes it with AXIOM Cyber, generating a report that is saved to a folder for review, while the data is stored in an S3 bucket. In parallel, a triage search is executed on the data, and a Timeline is generated for review. Once complete, a Slack notification is sent to stakeholders to let them know that the workflow is complete.

Promote Efficiency With Streamlined Workflows

Constant context switching between tools is not only exhausting but highly inefficient. When your DFIR, cybersecurity, and business tools don’t talk to each other, you’re left with little choice but to carry on with manual processes. Magnet Forensics has always encouraged a toolkit approach. We’ve built AUTOMATE to integrate with almost any tool in your tech stack with a REST API or CLI. That’s right, now you can combine all your tools into streamlined, consistent workflows to do away with manual touchpoints and inefficient processes.

Scale Up Forensic Collection & Processing

AUTOMATE can handle data collection from several endpoints or custodians at once, and then process them in parallel. Combine that with triggers from your EDR/XDR or other case management solutions (such as Magnet ATLAS) that kick off workflows without any human intervention, and you can keep your lab running 24/7/365, even when you’re not behind the keyboard.

Improve Work Experience, Boost Productivity

Nobody wants to wait for tools to complete, select the same processing parameters repeatedly, or email stakeholders when evidence is ready for their review. It doesn’t add value and leaves investigators burnt out and desiring more from their work. Let investigators focus on analyzing the data, and boost productivity, by automating the collection and processing of forensic data.

Modernizing DFIR Workflows With Automation

If you haven’t explored the many types of investigations that AUTOMATE can streamline, download our guide Modernizing Forensics Workflows with Magnet AUTOMATE to learn more. 

In the Cover of Modernizing Digital Forensics Workflows with Magnet AUTOMATE Enterpriseguide, we share the benefits and value of automating common DFIR workflows and use cases such as data loss prevention workflows, malware investigations, and inter-org handoffs.

Learn More about Magnet AUTOMATE

  • Watch a short webinar sharing the benefits of DFIR automation and a closer look at how our solution works.
  • Request a demo of AUTOMATE to learn more from our experts.

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.