Case sharing and collaboration in Magnet Nexus
Internal investigations and responding to cyber security incidents often necessitates leveraging the experience of the broader team to ensure a quick and complete response. Magnet Nexus, SaaS DFIR solution for the investigation of one to thousands of endpoints, allows you to easily share and collaborate on cases within your organization, helping your team work together to reach a quick resolution.
Case sharing in Nexus
With case-sharing capabilities, you can easily select “share case” in the top right of a case details page to make the results of your case available to the rest of your organization, or you can select specific individuals you want to share a case with. Cases shared by other members of your organization will display in your case list, and can easily be toggled on or off by selecting “my cases” or “shared cases” to maintain a streamlined view. A search bar in the case list also helps you quickly navigate to the case you are looking for.
Shared cases can be accessed by staff in any geographic region; they only need an internet connection. The data associated with a shared case is stored in the region selected by the original case owner when they started the investigation to align with any data residency requirements. Just like their own cases, a user needs to have the associated region selected in Nexus to access shared cases.
Collaborating on cases within your organization
In the words of Henry Ford: “If everyone is moving forward together, then success takes care of itself.” With the ability to share cases across your organization, your team can work together on cases regardless of location.
Here is a breakdown of the functionality that is enabled with this new feature:
Add data to the case
The data collected from endpoints associated with the case are added to the case along with everyone else’s acquisition providing a centralized location for all the case data. Team members will be able to see the status of each acquisition initiated by a shared user on the case so that they know when the data is available for their review.
Review and filter the data
Within the case, shared users can review all case evidence broken down by each of the artifact categories and subcategories. Or, they can review just the tagged artifacts and apply new filters and keyword searches to the results to help draw out additional insights.
Tag relevant data
All shared users can tag artifacts in a case providing the ability to truly collaborate on identifying the key evidence. Add tags via the checkbox in the table view or the Hit Details pane for each artifact with attribution to a user account.
Managing your organization
Using role based access controls, company administrators can create and manage the user accounts and monitor usage via audit logs.
Try shared cases in Nexus today
Log in to explore the new case sharing and organization administration options in Nexus. If you haven’t tried Nexus, start a free trial here to check it out for yourself.