New in AXIOM Cyber 5.6: Upgraded Agent Status Dashboard, FIPS, Google Workspace Improvements, and a New Beta Feature!

The latest version of Magnet AXIOM Cyber, 5.6, is now available!  

You can upgrade to AXIOM Cyber 5.6 in-product or over at the Customer Portal.

In the 5.6 release, we’re continuing and completing (for now) the journey that was started with the Agent Status Dashboard introduced in 5.5. We’ve made upgrades to the remote agent so it will successfully perform remote collections from FIPS enabled devices. Plus we’ve made improvements to the Google Workspace workflow so it’s easier to get data and we’ve added support for collecting document version histories from Google Drive. 

And to top it all off, we have a new beta feature that we’d love for you to try out: XFS parsing! 

If you haven’t tried AXIOM Cyber yet, request a free trial here.

Get a Bigger Picture with the Agent Status Dashboard 

In AXIOM Cyber 5.5, we introduced the Agent Status Dashboard which gave you a view of all the agents you have created, their status, and an easy way to connect to those agents from directly within the dashboard. 

However in 5.5, you could only view the endpoints associated with one agent at a time within the dashboard. If you wanted to see what other agents you have created and the endpoints they’re deployed to, you’d have to go back and select that other agent. It was a great step forward, but we knew we could take it further and give you a bigger view. 

And that’s exactly what we did in 5.6. Now the Agent Status Dashboard will show you all the agents you have created and the endpoints that they’re deployed to in a single view. 

You can still easily sort and filter to find what you’re looking for quickly. And to help you cut through the noise of offline endpoints, you can choose to hide offline endpoints and only see the ones that are online.

Try XFS Parsing – Now in Beta!

The XFS file system—commonly paired with RedHat Linux, Amazon Linux, and CentOS operating systems—is a prime target for cyberattacks like malware, data exfiltration, advanced persistent threats and a whole host of other threats from bad actors.

When a security incident happens and you need to analyze XFS data, using tools that are familiar and known to your team, tools like AXIOM Cyber, are going to be key to ensuring that you can find exactly what it is that you’re looking for in the shortest amount of time.

With AXIOM Cyber 5.6, we’ve introduced parsing XFS data as a beta feature. This beta feature is not turned on by default. To unlock XFS parsing, contact our Technical Support team at support@magnetforensics.com and they will provide instructions about how to access the new beta feature.

Give it a try, we hope you find it useful!

Collect More Data from Google Workspace, Easier!

Although Microsoft Office is the dominant productivity suite, Google Workspace has steadily been growing in popularity. In October 2020 Google reported that they had over 2.6 billion monthly active users (MAUs) which was a 30% increase from the 2 million MAUs earlier that year in March.

If you’re collecting data from Google Workspace, there are three notable improvements in 5.6:

• We’ve redesigned the acquisition workflow for Google Workspace making it easier for you to get the data that you need
• You now have the ability to recover each version history of a file stored in Google Drive—especially helpful for insider threat investigations that involve document alteration.
• A new option to acquire Audit Logs at the user level

Diving into some of the redesigned user experience of the Google Workspace acquisition workflow, below is a brief summary of what you can expect to see.

First we’ve made it really clear within AXIOM Cyber what kind of data you can expect to acquire based on the authentication method that you choose. If you choose to authenticate using a user name and password, you are going to get a lot more data than if you are simply authenticating with a token.

If you’re signing in with a Google Admin account, you can also now select your access level to either access both Admin and user account data, or just Admin account data only making it easier to know what data you’re collecting.

And lastly, after you’ve selected the user accounts that you want to acquire evidence from, you can now choose the specific data you want for each account (e.g. Mail, Calendar, Photos, Audit Logs, etc.). This will help you cut through the noise when you need to do a more targeted collection.

Collect from FIPS Enabled Devices

Historically connecting AXIOM Cyber’s remote agent to a FIPS enabled device has been a challenge. Not anymore.

In AXIOM Cyber 5.6, organizations and agencies that have chosen to enable FIPS on endpoints can now successfully perform remote collections.

New Artifacts

• Device information // Chromebook
• Downloads // Chromebook
• Extensions // Chromebook
• Offline Storage // Chromebook
• PowerLog In Call Service // iOS
• Recent Tasks // Chromebook
• Trash Items // Chromebook
• Zello Audio Messages // Android and iOS

Updated Artifacts

• Apple Keychain
• Chrome Extensions
• Contacts
• EML(X) Files
• Signal
• Snapchat
• WhatsApp

Get Magnet AXIOM Cyber 5.6 Today!  

If you’re already using AXIOM Cyber, download 5.6 over at the Customer Portal. If you want to try AXIOM Cyber for yourself, request a free trial today!  

And, if you’re interested in the 5.6 of release of Magnet AXIOM, read about it in this blog post.