Creating Agent Placeholders for Remote Collection in AXIOM Cyber
With the number of cyber threats barraging businesses these days, it is more important than ever to work cases quickly and effectively. That is why we have introduced a new feature into AXIOM Cyber: remote collection agent placeholders.
With the option to include placeholders for agents, you can work more efficiently when building your remote collections by including all the necessary endpoints regardless of whether the agent has checked in or even been deployed.
To see more about this new addition to remote collections, check out the how-to video put together by one of our Forensic Consultants, Chris Cone.
Rounding Out the Remote Collection Process for Multiple Endpoints
This feature helps take queued remote collections in AXIOM Cyber to the next level of efficiency. Queued collections allow you to specify up to 15 endpoints that you want to collect data from, and AXIOM Cyber then automatically progresses through the collections with no need for additional input. This process frees up valuable time, allowing you to focus on other priorities rather than manually initiating each collection and monitoring the connection status.
Remote collection agent placeholders add the ability to build the collection even earlier in the process, before agents have been deployed. All you need to know is the host name, and you can create a placeholder for that collection in your queue. If AXIOM Cyber reaches the placeholder before the agent has been deployed or has checked in, the collection will be skipped and automatically retried.
Once the remote collection queue has been set, AXIOM Cyber can then run through the collections at any time of day or night to ensure you don’t miss your opportunity to gather the necessary artifacts. For more information on queued collections, check out our blog post: 4 Reasons to Use Queued Remote Collections in Magnet AXIOM Cyber
Further Streamlining the Collection with Targeted Location Profiles
Pre-building a remote collection queue with placeholders provides a very efficient approach to gathering the necessary evidence for your investigations, but there is another feature that can be layered into the equation to speed up the process even more.
For common investigation types requiring the collection of the same files and folders, you can also use targeted location profiles. Targeted location profiles provide a standardized and repeatable approach to remote collections, allowing you to define the locations on an endpoint that will be collected every time the profile is used.
This can be especially handy for investigations such as incident response, where custom triage profiles can be developed for the unique paths on your system. To read more about using targeted location profiles, check out our blog post: Standardizing Your Collections With Targeted Location Profiles in AXIOM Cyber
Get Magnet AXIOM Cyber Today
Try remote collection agent placeholders, queued collections and targeted location profiles in AXIOM Cyber for yourself by requesting a free trial today!