Remote Collection Tool - Off VPN
I saw an earlier post about remote collections. I am looking for a recommendation for a Remote Collection tool that offers collections to either continue when a workstation disconnects from the internal corporate VPN or if an agent is already installed on the workstation, for the collection to be initiated. This will primarily be on workstations with Windows OS, but support for Mac OS would be a huge plus!
We would primarily be doing full disk collections, but the ability to drill down on the OS and perform a robust targeted collection would be great.
I am aware of the offering from Magnet with their Axiom Cyber module. The tool looks great but we need to do our due diligence and look at other solutions to compare.
Thank you for the suggestions.
Have a look at Velociraptor, CC4n6.
It can run in client-server mode. OSQuery also fulfills some of your requirements.
Binalyze AIR supports the collection of 120+ evidence types out-of-box and lets you acquire evidence, perform triage and create a timeline investigation fully remotely. You can get it up and running on a cloud machine in 5 minutes and start deploying the clients either manually or via SCCM.