We've been busy making updates to AXIOM Cyber since our last release. Here are the new features we've introduced and the issues we've resolved:
- If AXIOM Process cannot connect to the agent because the port is busy, you can now either try to manually resolve the port conflict and then retry connecting to the agent, or you can return to the Manage agents screen and create a new agent. Note: If you create a new agent using a new port, you'll need to deploy and try to connect the agent again.
- We've enabled more diagnostics to better help us understand how youíre using AXIOM Cyber and Remote Acquisition. Diagnostics are just one of the ways we get feedback about AXIOM Cyber. You can also send us feedback through your survey responses or by emailing us at firstname.lastname@example.org.
- AXIOM Process now provides a count of the number of potential items to download from the location you selected and indicates how many items have been downloaded successfully. To find out more details about why an item might not have downloaded, you can review the log.txt log file.
- When choosing the items you want to download from the target computer, you can now manually refresh the list of files and folders, drives, and memory processes.
- Increased the number of characters allowed for agent masking details.
- When you load a Slack workspace data export, you can now filter the data by Slack members. You can add the display names of the Slack workspace members whose accounts you want to process. If you select specific members, only the channels and conversations the members are participants in will be processed. If you do not select specific members, the entire archive is processed.
- AXIOM Cloud now includes support for processing private channels and conversations for corporate exports from Slack workspaces.
- Sometimes the agent was unable to connect to the remote computer. -CRA-608
- When you acquired a physical drive or volume, the image was included in the process-memory.zip evidence source rather than a separate .bin file. -CRA-615
- Previously, if you deployed the agent to a remote computer and the agent timed out, you were unable to deploy the agent to the same location on the target computer again. Now, if the agent times out, itís automatically deleted from the target computer. -CRA-66
- Previously, when you tried to connect to the agent, AXIOM Process indicated that it was still attempting to connect but the log file indicated the connection attempt was successful. -CRA-580
Not part of the Magnet AXIOM Cyber beta program? To learn more or to apply, visit magnetforensics.com/axiom-cyber-beta