The latest version of Magnet AXIOM Cyber is now available!
In this release, we focused on new features and improvements to make your investigations even faster and easier, no matter what type of case you’re working on – from internal investigations and incident response to supporting eDiscovery:
- Remote Endpoint File Listing
- Microsoft 365 Client Credentials Authentication
- Automatic Correction of GitHub YARA Links
We’ve also updated and added to our artifact support. The updates are listed below. For additional information on this release, check out the release notes here.
Remote Endpoint File Listing
When you’re faced with a security incident or supporting an internal investigation, you may need to quickly obtain a full list of all of the files or folders currently on an endpoint or custodian’s machine. Magnet AXIOM Cyber can automatically (or manually) generate a complete index of the files and folders currently on a remote endpoint – within a few minutes. Now, you can preserve that index and search it to help you during an investigation or for future reference.
In the context of eDiscovery, during Early Case Assessment (ECA), this feature can be used to quickly estimate collection and processing times by giving you a broad understanding of all files currently on a custodian’s machine. For internal investigations or incident response, the presence of a file (or several files) can be quickly validated and preserved prior to a full collection so that you can know exactly which end users require a full collection and deep dive.
To learn more about this new feature and to explore more ways it can help you in your investigations, check out the blog post: “Three Ways to Use Remote Endpoint File Lists to Streamline Your Investigations”
Microsoft 365 Client Credentials Authentication
A new enhancement to our Microsoft 365 collection workflow allows you to authenticate and access data with client credentials. If your organization’s data access control policy prohibits the use of global admin accounts or an account’s username and password to authenticate and access data, upgrade now and use client credentials instead to meet your organization’s security, privacy, and compliance policies while collecting the comprehensive cloud data you need for your investigations.
Client credentials are configured in Azure and can be set up with read-only access with the option to choose what data can be accessed. You can also set client credentials to expire if governance rules require time-limited access to data. Learn how to set up client credentials in Azure in our knowledge base article “Sign in to Microsoft using Client Credentials” (Support Portal login required.)
Automatic Correction of GitHub YARA Links
For a smoother workflow while utilizing GitHub YARA rules repositories, AXIOM Cyber now automatically corrects any GitHub URLs to point to the valid Git repository.
For example, if you paste a folder URL (e.g., https://github.com/elastic/protections-artifacts/tree/main/yara) into AXIOM Cyber, it will be automatically corrected to the respective Git repository for you (e.g., https://github.com/elastic/protections-artifacts).
This is an update to the previously released feature in AXIOM Cyber 7.5, “Adding and Updating YARA Rules From Git Repositories,” which lets you paste a YARA rules Git repository link into AXIOM Cyber to add all of the rules in that repository automatically.
To learn more about YARA Rule processing in AXIOM Cyber, check out this blog post.
New and Updated Artifacts
- iOS Messages Preferences
- Facebook Contacts
- Facebook Messenger
- iOS Owner Information
- Safari Downloads
- Signal Messages
- Signal Users
- Snapchat Chat Messages
- Tinder Accounts
Get Magnet AXIOM Cyber 7.6 Today!
Download AXIOM Cyber 7.6 over at the Customer Portal or upgrade within the application.
Haven’t tried AXIOM Cyber yet? Request your free trial here.