Responding to cyber security incidents often necessitates leveraging the experience of the broader team to ensure a quick and complete response. IGNITE now allows you to easily share and collaborate on cases within your organization, helping your team work together to reach a quick resolution.
Case Sharing in IGNITE
With the new case-sharing capabilities, you can easily select “share case” in the top right of a case details page to make the results of your case available to the rest of your organization, or you can select specific individuals you want to share a case with. Cases shared by other members of your organization will display in your case list, and can easily be toggled on or off by selecting “my cases” or “shared cases” to maintain a streamlined view. A new search bar in the case list also helps you quickly navigate to the case you are looking for.
Shared cases can be accessed by staff in any geographic region; they only need an internet connection. The data associated with a shared case is stored in the region selected by the original case owner when they started the investigation to align with any data residency requirements. Just like their own cases, a user needs to have the associated region selected in IGNITE to access shared cases.
Collaborating on Cases Within Your Organization
In the words of Henry Ford: “If everyone is moving forward together, then success takes care of itself.” With the ability to share cases across your organization, your team can work together on cases regardless of location.
Here is a breakdown of the functionality that is enabled with this new feature:
Add Data to the Case
Once a case has been shared with another user, they can download the configured agent and deploy it to as many additional endpoints as necessary. The data collected from those endpoints are added to the case along with everyone else’s collections providing a centralized location for all the case data. Team members will be able to see the status of each collection initiated by a shared user on the case so that they know when the data is available for their review.
Review and Filter the Data
Within the case, shared users can review all case evidence broken down by each of the evidence categories and subcategories. Or, they can review just the tagged items and apply new filters and keyword searches to the results to help draw out additional insights.
Tag Relevant Data
All shared users can tag artifacts in a case providing the ability to truly collaborate on identifying the key evidence. Add tags via the checkbox in the table view or the Hit Details pane for each artifact with attribution to a user account.
Download the Exports
If a collection requires additional review or processing outside of Magnet IGNITE, each user can export an AXIOM Cyber case file to continue the investigation locally as well as ZIP files of the data or the memory DMP content available via the recently updated memory capabilities of IGNITE.
Managing Your Organization
The members of your organization that can view and collaborate on cases are easily managed by the defined company administrators who can create and manage the internal team and monitor the shared scan credit for your organization.
Try Shared Cases Today
This update has been applied to the live version of IGNITE as a cloud-based solution. So, if you are an existing user, log in to explore the new sharing and organization administration options. If you haven’t tried IGNITE, start a free trial here to check it out for yourself.