Magnet Axiom Cyber 8.4 is now available!

We’re excited to announce the release of Magnet Axiom Cyber 8.4, which includes new features and improvements such as:

  • Quickly identifying TTPs with MITRE ATT&CK® framework integration
  • Analyzing Linux logs for Ubuntu and Red Hat
  • Magnet Exhibit Builder improvements

We’ve also updated and added to our artifact support (updates are at the end of this email).

Upgrade to Axiom Cyber 8.4 within the Axiom Cyber interface or through the Customer Portal.

Identify TTPs with MITRE ATT&CK framework integration and bring DF & IR teams together with common terminology

We’ve heard your feedback about the potential for disconnects between teams when the tools they use do not share common terminology. That’s why we’re thrilled to announce that we’ve integrated the MITRE ATT&CK framework into Axiom Cyber.

This common language will facilitate clear and consistent communication among the SOC, IR, Threat Intel and other security teams and stakeholders—reducing misunderstandings and improving collaboration.

Additionally, it’s an excellent starting point for any incident response investigation in Axiom Cyber. Depending on your situation, you can use it for:

  1. Quick triage – When you need insights as fast as possible, collect just the Windows Event Logs using Axiom Cyber, Magnet Nexus, or Magnet Response (a free tool) for faster processing. Then explore files and folders to identify suspicious activity, using MITRE ATT&CK scanning to point you to where you need to investigate further.
  2. Deep dive post-incident analysis – Run SIGMA rules against Windows Event Logs during your deep dive analysis of an image.

What’s more, analysts can incorporate MITRE ATT&CK details into their reports by automatically exporting insights to Magnet Exhibit Builder (included with Axiom Cyber).

To learn more about all of the benefits of the ATT&CK framework and this integration, read the blog post “Bridging the gap between DF & IR: MITRE ATT&CK® framework integration in Magnet Axiom Cyber.”

Also, don’t miss our upcoming episode of Cyber Unpacked: Exploring Enterprise DFIR where Doug Metz, Senior Security Forensics Specialist, shares an in-depth look at the importance of MITRE ATT&CK mapping and how to use the new integration in Axiom Cyber.

Analyze Linux logs for Ubuntu and Red Hat

If you’re performing investigations on Linux Ubuntu and Red Hat operating systems, you can now parse Linux log artifacts for analysis within Timeline and filters.

Logs provide a rich source of insight into what happened, when, and by whom, and are often the first place to look in the case of a cybersecurity incident. Previously, Linux logs could be acquired, but their contents were not parsed, so they could not be mapped onto a Timeline, which is important for piecing together security events on Linux systems.

To learn more about the importance of log files, check out the blog post “Computer artifacts: Exploring metadata, log files, registry data, and more.”

Magnet Exhibit Builder improvements

Made available in Axiom Cyber 8.1, Magnet Exhibit Builder lets you easily build clear and comprehensive forensic reports combining Axiom Cyber files and all other evidence sources. In this release, we’ve added the following improvements:

  • The ability to export reports in HTML format in addition to PDF exports. The web-based HTML version provides a flexible sharing option that stakeholders can review in any standard web browser.
  • The option to view additional artifact details using the “view all artifact information” option in the Artifact Summary.

To learn more about Exhibit Builder, read the blog post “Elevate your digital forensics reports with Magnet Exhibit Builder.”

New and updated artifacts, including more cloud acquisition updates

We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations. With this release, we’re continuing to improve our cloud acquisition capabilities with several new and updated cloud artifacts.

New artifacts

  • Discord Local Storage (Computer)
  • Input Method Editor (iOS, macOS)
  • Linux Logs – audits Redhat and Ubuntu (Linux)
  • System Logs (Linux)
  • Samsung Customization Service Motion and Location Logs (Android)
  • SMS/MMS/iMessage – nicknames (iOS)
  • WhatsApp Calls (iOS, Android)
  • Session Messages (iOS)

Updated artifacts

  • Android Messages (Android)
  • Facebook Messenger End-to-End Encrypted Chat Attachments (Android)
  • Facebook Warrant Returns (Cloud)
      • Account Actions
      • Friend Requests
      • Friends
      • Messenger Messages
      • Wallpost
  • KakaoTalk (Android, iOS)
  • LINE (Android)
  • Windows Event Log (Computer)
  • SMS/MMS/iMessage (iOS)
  • Slack (iOS)
  • TeleGuard Messages (Android)
  • WhatsApp (iOS)

Get Magnet Axiom Cyber 8.4 today! 

To start using these features today, upgrade to the latest version within Axiom Cyber or over at the Customer Portal.