Upgrade note: This update to the 3.17.0 release addresses an issue when retrieving a list of all workflows using the API.
New and updated
You can now export workflows from your Magnet AUTOMATE instance and import them into other Magnet AUTOMATE instances. Exported workflows are saved as .json files, allowing you to easily back up, transfer, and import those files. Exporting and importing workflows is useful for:
Disaster recovery
Standardizing workflows within your organization (if you have multiple Magnet AUTOMATE instances)
Transferring workflows between testing and production Magnet AUTOMATE instances
Sharing workflow best practices with other organizations that use Magnet AUTOMATE
Note: Exporting and importing a workflow does not transfer the following components to the import environment:
node applications, workflow plugins, custom variables, hardware imager credentials, and config files.
To more easily manage your workflows, the Workflows page has been redesigned to offer a more intuitive user experience:
The Status column displays whether a workflow is Active (available for creating cases) or Inactive (unavailable for creating cases), with a color-coded status icon. If a workflow is inactive, click Inactive to display an information message. For example, it may be a draft workflow or it may require configuration before it can be used in a case.
The Applications and plugins column displays an expandable drop-down list of the applications and workflow plugins used in the workflow. The list is collapsed by default, displaying the total number of components. If a component is missing or requires configuration, the component is highlighted.
For added flexibility when customizing workflows, this release adds the following new workflow variable: ${IMAGE_SIZE}. This variable specifies the size of the original image in bytes included during case creation or the size of the image in bytes produced by a hardware imager. Note: If a run is triggered by the API, the value of ${IMAGE_SIZE} is reported as 0.
In Magnet AUTOMATE Enterprise, you can now perform cloud acquisitions using the Magnet AUTOMATE REST API. Previously, you could only perform cloud acquisitions using the web application and CLI.
In Magnet AUTOMATE Enterprise, AXIOM Cloud now supports date/time filtering of cloud evidence during case creation. This ensures that you acquire only relevant cloud evidence from a specific date/time period when creating a case. This functionality is available from the web application, CLI, and API.
In Magnet AUTOMATE Enterprise, to manage your cloud platform credentials for cloud acquisition workflows, you can now edit and delete existing cloud platform credentials from the web application.
If you use an event management platform (SIEM, SOAR) with Magnet AUTOMATE Enterprise, you can now configure the Magnet AUTOMATE REST API to initiate a remote computer workflow that deploys an agent to the target computer, using the target computer's hostname/IP address, username, and password. For example, when an event occurs on your network that compromises a targeted computer, such as a malicious attack or data exfiltration, you can automatically initiate a remote computer workflow in Magnet AUTOMATE Enterprise.
When using the API to integrate Magnet ATLAS with Magnet AUTOMATE, ATLAS can now report node status (Offline, Available, and Processing) to users, notifying them when they need to take action to resolve issues in AUTOMATE. Previously, you had to manually verify node status in AUTOMATE.
Magnet AUTOMATE now supports Windows Server 2022 for the controller and node services.
To offer task-based information by role, Magnet AUTOMATE product documentation includes the following new and revised guides:
Magnet AUTOMATE System Requirements (previously known as the Magnet AUTOMATE Feature and Technical Overview) - an overview of Magnet AUTOMATE architecture and system requirements. This guide is for users with the Admin role and IT stakeholders.
Magnet AUTOMATE Administrator Guide (NEW) - install Magnet AUTOMATE, manage users, set up nodes and workflow applications, configure global settings for workflows and cases, add custom fields for case and evidence details, set up hardware imagers, monitor and report on system usage and performance, backup and data recovery, and troubleshooting. This guide is for users with the Admin role.
Magnet AUTOMATE Workflow Builder Guide (NEW) - create basic and advanced workflows, export and import workflows, create workflow plugins, and integrate additional applications and tools. This guide is for users with the Admin role.
Magnet AUTOMATE User Guide - manage your user profile, create cases, monitor case status, view case output and review evidence, monitor and report on system usage and performance, and troubleshooting. This guide is for users with the User role.
Magnet AUTOMATE Quick Start Guide - install and configure the controller and one node on a single computer, and then create a simple workflow and case. This guide covers the basics of installing, configuring, and using Magnet AUTOMATE.
Magnet AUTOMATE CLI Reference (NEW) - integrate applications into workflows using the CLI. This guide is for users with the Admin role.
Magnet AUTOMATE API Reference - integrate applications into workflows using the Magnet AUTOMATE Rest API. This guide is for users with the Admin role.
Previously, the Magnet AUTOMATE User Guide contained all administrator, workflow, user, and CLI information.
Bug fixes
When creating a workflow plugin with a non-mandatory custom input field, if the field value was empty, using the corresponding variable in your script caused the workflow plugin to fail. (AU-58)
When running a localized hardware imager workflow in local image mode, the workflow incorrectly requested a new node to calculate image size. (AU-1036)
When creating a merge workflow, adding an Exporter element after the Merge element incorrectly added a --sourceType "Image" argument, which caused the export to fail. (AU-1072)
When using custom variables in output paths, run logs and case summaries incorrectly used the variable name for directories instead of the variable value, for example, $(CASE_YEAR) instead of 2023. (AU-1153)
When cloning a workflow, any information you initially added or changed in the Create workflow step was not saved (name, keyword list, password list, etc.). (AU-733)
Known issues
When setting up a GrayKey hardware imager, the Hostname field does not accept a valid hostname, preventing you from clicking Connect. As a workaround, enter a valid IP address instead. -AU-908
Long lines in log files may fail to wrap correctly, causing them to overlap with other lines. To resolve the issue, refresh the log you are viewing. -AU-699
In an image processing workflow, AXIOM Process cannot read an iOS image with a keychain encrypted by BitLocker. To successfully read and process this type of image, copy the keychain to an external drive not encrypted with BitLocker. Additionally, if the AUTOMATE agent node's workspace is encrypted with BitLocker, workflows that have been configured to "turn on local image mode" will not be able to read these images. -AXP-10310
During data validation, if the source destination contains an image with copies of the same image in subfolders, the data validation fails. In this scenario, the expected behavior is that Magnet AUTOMATE doesn't recursively catalog identical files. -AUTO-3407
When copying files during data validation, the associated node is in use; however, the Nodes column for cases in progress appears empty. The expected behavior is that the Nodes column should display the active node. -AUTO-3406
When data validation begins, the run log records a "Creating hash catalog" status. If files fail to copy after creating file hashes, there is no status in the run log to indicate when copying started. The expected behavior is that there should be a "Copying" status after "Creating hash catalog" to indicate the sequence of events and when they occurred. -AUTO-3408
Magnet AXIOM and Magnet AXIOM Cyber updates
Updated agent installers to include the latest version of workflow applications: AXIOM Cloud, AXIOM Process, AXIOM Exporter, AXIOM Post-Processing, and Magnet ACQUIRE.