Magnet Axiom Cyber 8.4: Quickly identify TTPs with MITRE ATT&CK® integration
We’re excited to announce the release of Magnet Axiom Cyber 8.4, which includes new features and improvements such as:
- Quickly identifying TTPs with MITRE ATT&CK® framework integration
- Analyzing Linux logs for Ubuntu and Red Hat
- Magnet Exhibit Builder improvements
We’ve also updated and added to our artifact support (additional details are at the end of this blog).
Upgrade to Axiom Cyber 8.4 within the Axiom Cyber interface or through the Customer Portal.
Haven’t tried Axiom Cyber yet? Request your free trial here.
Identify TTPs with MITRE ATT&CK framework integration and bring DF & IR teams together with common terminology
Digital forensics solutions like Magnet Axiom Cyber provide crucial insights into the root causes of cyber incidents, helping to minimize threat impact, reduce downtime, and prevent future damage by identifying vulnerabilities.
We’ve heard your feedback about the potential for disconnects between teams when the tools they use do not share common terminology. That’s why we’re thrilled to announce that we’ve integrated the MITRE ATT&CK framework into Axiom Cyber.
Now, with ATT&CK framework integration, we’re further aligning incident response and digital forensics teams for more effective collaboration.
One of the key benefits is the existence of a common language, facilitating clear and consistent communication among the SOC, IR, Threat Intel and other security teams and stakeholders. When everyone is on the same page regarding the definitions and descriptions of adversary actions, it reduces misunderstandings and improves collaboration.
Additionally, it’s an excellent starting point for any incident response investigation in Axiom Cyber. Depending on your situation, you can use it for:
- Quick triage – When you need insights as fast as possible, collect just the Windows Event Logs using Axiom Cyber, Magnet Nexus, or Magnet Response (a free tool) for faster processing, then explore files and folders to identify suspicious activity, using MITRE ATT&CK scanning to point you to where you need to investigate further.
- Deep dive post-incident analysis – Run Sigma rules against Windows Event Logs during your deep dive analysis of a full image.
This standardized approach also aids in training and onboarding new team members, as they can quickly become familiar with the framework and its application in real-world scenarios. What’s more, analysts can incorporate MITRE ATT&CK details into their reports by automatically exporting insights to Magnet Exhibit Builder (included with Axiom Cyber).
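To make the triage and deep-dive workflows above concrete, here is an added example (not Axiom Cyber's engine, and not code from Magnet Forensics) of how a Sigma-style rule is evaluated against Windows event records and how the rule's `attack.*` tags become the ATT&CK technique IDs an analyst sees. The rule, its field names, and the event records are constructed for the example; the selection/filter/condition structure and the tag convention are Sigma's own.

```python
"""Minimal Sigma-style rule evaluator that tags matching Windows event
records with MITRE ATT&CK technique IDs.  Constructed example; it is not
Axiom Cyber's engine, and the rule and events below are made up."""
import re

# Constructed rule in Sigma's shape: named selections, a boolean condition,
# and ATT&CK tags (attack.<tactic>, attack.t<technique>).  Field names follow
# the Sysmon process-creation (EventID 1) and Security 4698 event schemas.
RULE = {
    "title": "Scheduled task creation via schtasks.exe",
    "tags": ["attack.persistence", "attack.t1053.005"],
    "detection": {
        "selection_proc": {
            "EventID": 1,
            "Image|endswith": "\\schtasks.exe",
            "CommandLine|contains": ["/create", "-create"],
        },
        "selection_audit": {"EventID": 4698},
        "filter_vendor": {"CommandLine|contains": "GoogleUpdateTask"},
        "condition": "(selection_proc and not filter_vendor) or selection_audit",
    },
}

# Constructed event records, already flattened to field/value pairs.
EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe",
     "CommandLine": "schtasks /create /tn Updater /tr C:\\ProgramData\\svc.exe /sc minute"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe",
     "CommandLine": "schtasks /Create /TN GoogleUpdateTaskMachineUA /XML update.xml"},
    {"EventID": 4698, "TaskName": "\\Updater", "SubjectUserName": "alice"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"},
]


def _match_value(actual, expected, modifier):
    """Compare one field value under a Sigma modifier (case-insensitive)."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e  # Sigma default: case-insensitive equality


def _match_selection(selection, event):
    """Every field in a selection map must match (AND); a list of values is OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match_value(event.get(field), v, modifier) for v in values):
            return False
    return True


_TOKEN = re.compile(r"\(|\)|\w+")


def _eval_condition(condition, results):
    """Recursive-descent evaluation of 'a and not b or (c)' over selection results."""
    tokens = _TOKEN.findall(condition)
    pos = 0

    def parse_or():
        nonlocal pos
        val = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            rhs = parse_and()
            val = val or rhs
        return val

    def parse_and():
        nonlocal pos
        val = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            rhs = parse_not()
            val = val and rhs
        return val

    def parse_not():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":
            return not parse_not()
        if tok == "(":
            val = parse_or()
            pos += 1  # consume the closing parenthesis
            return val
        return results[tok]

    return parse_or()


def evaluate(rule, event):
    """True if the event satisfies the rule's condition."""
    det = rule["detection"]
    results = {name: _match_selection(sel, event)
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def technique_ids(rule):
    """Extract ATT&CK technique IDs (e.g. T1053.005) from Sigma 'attack.*' tags."""
    return [t[len("attack."):].upper() for t in rule["tags"]
            if re.fullmatch(r"attack\.t\d{4}(\.\d{3})?", t)]


def scan(rule, events):
    """Return one hit per matching event, carrying the rule title and techniques."""
    ids = technique_ids(rule)
    return [{"index": i, "EventID": ev["EventID"], "rule": rule["title"], "techniques": ids}
            for i, ev in enumerate(events) if evaluate(rule, ev)]


if __name__ == "__main__":
    for hit in scan(RULE, EVENTS):
        print(hit)
```

The vendor filter is the part worth noticing: without `filter_vendor`, the second (benign updater) event would also be flagged, which is exactly the kind of noise that sends a triage analyst to the wrong folder. Tactic tags such as `attack.persistence` are kept on the rule but are not technique IDs, so `technique_ids` deliberately ignores them.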
To learn more about all of the benefits of the ATT&CK framework and this integration, read the blog post “Bridging the gap between DF & IR: MITRE ATT&CK® framework integration in Magnet Axiom Cyber.”
Also, don’t miss our upcoming episode of Cyber Unpacked: Exploring Enterprise DFIR where Doug Metz, Senior Security Forensics Specialist, shares an in-depth look at the importance of MITRE ATT&CK mapping and how to use the new integration in Axiom Cyber.
Analyze Linux logs for Ubuntu and Red Hat
If you’re performing investigations on Ubuntu and Red Hat Linux systems, you can now parse Linux log artifacts for analysis within Timeline and with filters.
Logs provide a rich source of insight into what happened, when, and by whom and are often the first place to look in the case of a cybersecurity incident. Previously, Linux logs could be acquired, but their contents were not parsed and so they could not be mapped onto a Timeline, which is important for piecing together security events on Linux systems.
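The parsing step described above, as an added example that is not Axiom Cyber's parser: it normalizes the two Linux log formats an investigator meets most often (classic syslog/auth.log lines, including the RFC 3339 variant newer distributions write, and auditd records) into sorted timeline entries. The sample lines are constructed, the syslog year is assumed (syslog lines carry none), and syslog timestamps are assumed to be UTC.

```python
"""Normalize Linux log lines (syslog/auth.log and auditd formats) into
timeline entries sorted by time.  Constructed example, not Axiom's parser."""
import re
from datetime import datetime, timezone

# Classic syslog line: "Jun  1 08:15:02 host proc[pid]: message" (no year, no tz).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# RFC 3339 variant written by newer rsyslog configurations and journal exports.
ISO_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+(?:Z|[+-]\d{2}:\d{2})?) (?P<host>\S+) "
    r"(?P<proc>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# auditd record: type=... msg=audit(epoch.millis:serial): key=value ...
AUDIT_RE = re.compile(
    r"^type=(?P<type>\w+) msg=audit\((?P<sec>\d+)\.(?P<frac>\d+):(?P<serial>\d+)\): (?P<msg>.*)$")
# key=value pairs; quoted values allowed, the msg='...' wrapper is skipped over.
KV_RE = re.compile(r"(\w+)=(\"[^\"]*\"|[^\s']+)")

YEAR = 2024  # Assumption: year of the acquisition, since syslog lines omit it.

# Constructed sample lines mixing the three formats plus one unparseable line.
LINES = [
    "Jun  1 08:15:02 web01 sshd[1432]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Jun  1 08:15:02 web01 sshd[1432]: pam_unix(sshd:session): session opened for user alice(uid=1000) by (uid=0)",
    "Jun  1 08:14:59 web01 sudo[1440]:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "type=USER_LOGIN msg=audit(1717229700.318:412): pid=1432 uid=0 auid=1000 ses=4 "
    "msg='op=login id=1000 exe=\"/usr/sbin/sshd\" hostname=10.0.0.5 addr=10.0.0.5 terminal=/dev/pts/0 res=success'",
    "2024-06-01T08:16:10.123456+00:00 web01 systemd[1]: Started Session 4 of User alice.",
    "garbage line that matches nothing",
]


def _entry(ts, source, host, proc, pid, msg, attrs):
    """Build one normalized timeline record."""
    return {"ts": ts.isoformat(), "source": source, "host": host, "process": proc,
            "pid": int(pid) if pid else None, "message": msg.strip(), "attrs": attrs}


def parse_line(line, year):
    """Return a timeline entry, or None if the line matches no known format."""
    m = SYSLOG_RE.match(line)
    if m:
        # Assumption: the host wrote syslog timestamps in UTC.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        return _entry(ts, "syslog", m["host"], m["proc"], m["pid"], m["msg"], {})
    m = ISO_RE.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)
        return _entry(ts, "syslog", m["host"], m["proc"], m["pid"], m["msg"], {})
    m = AUDIT_RE.match(line)
    if m:
        # audit timestamps are epoch seconds with a fractional part; keep it exactly.
        micros = int(m["frac"].ljust(6, "0")[:6])
        ts = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc).replace(microsecond=micros)
        attrs = {k: v.strip('"') for k, v in KV_RE.findall(m["msg"])}
        attrs["type"], attrs["serial"] = m["type"], m["serial"]
        # audit records carry no local hostname; use the executable as the process.
        return _entry(ts, "audit", None, attrs.get("exe", m["type"]), attrs.get("pid"), m["msg"], attrs)
    return None


def build_timeline(lines, year):
    """Parse every line; return (entries sorted by timestamp, unparsed lines)."""
    entries, unparsed = [], []
    for line in lines:
        e = parse_line(line.rstrip("\n"), year)
        if e is None:
            unparsed.append(line)
        else:
            entries.append(e)
    entries.sort(key=lambda e: datetime.fromisoformat(e["ts"]))
    return entries, unparsed


if __name__ == "__main__":
    timeline, leftovers = build_timeline(LINES, YEAR)
    for e in timeline:
        print(e["ts"], e["source"], e["process"], e["pid"], e["message"][:60])
    print(f"{len(leftovers)} line(s) not parsed")
```

Once the lines share a timestamp format, the sudo-to-root command and the SSH login that preceded it line up in the order they happened, which is the point the paragraph above makes: unparsed logs can be acquired but cannot be placed on a Timeline. Lines that match no format are returned separately rather than dropped, so an analyst can see what the parser did not understand.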
To learn more about the importance of log files, check out the blog post “Computer artifacts: Exploring metadata, log files, registry data, and more.”
Magnet Exhibit Builder improvements
Made available in Axiom Cyber 8.1, Magnet Exhibit Builder lets you easily build clear and comprehensive forensic reports combining Axiom Cyber files and all other evidence sources. In this release, we’ve added the following improvements:
- The ability to export reports in HTML format in addition to PDF exports. The web-based HTML version provides a flexible sharing option that stakeholders can review in any standard web browser.
- The option to view additional artifact details using the view “all artifact information” option in the Artifact Summary.
To learn more about Exhibit Builder, read the blog post “Elevate your digital forensics reports with Magnet Exhibit Builder.”
New and updated artifacts, including more cloud acquisition updates
We’re continually adding and updating artifacts based on the applications you’re coming across in your investigations. With this release, we’re continuing to improve our cloud acquisition capabilities with several new and updated cloud artifacts.
New artifacts
- Discord Local Storage (Computer)
- Input Method Editor (iOS, MacOS)
- Linux Logs – audits Redhat and Ubuntu (Linux)
- System Logs (Linux)
- Samsung Customization Service Motion and Location Logs (Android)
- SMS/MMS/iMessage – nicknames (iOS)
- WhatsApp Calls (iOS, Android)
- Session Messages (iOS)
Updated artifacts
- Android Messages (Android)
- Facebook Messenger End-to-End Encrypted Chat Attachments (Android)
- Facebook Warrant Returns (Cloud)
  - Account Actions
  - Friend Requests
  - Friends
  - Messenger Messages
  - Wallpost
- KakaoTalk (Android, iOS)
- LINE (Android)
- Windows Event Log (Computer)
- SMS/MMS/iMessage (iOS)
- Slack (iOS)
- TeleGuard Messages (Android)
- WhatsApp (iOS)
Get Magnet Axiom Cyber 8.4 today!
Download Axiom Cyber 8.4 over at the Customer Portal or upgrade within the application.
Haven’t tried Axiom Cyber yet? Request your free trial here.
If you conduct digital investigations for law enforcement, check out the new features in Magnet Axiom 8.4 here.