Binalyze AIR MCP Server provides a bridge to the Binalyze AIR digital forensics platform, enabling access to endpoint data, cases, and investigation tools. This TypeScript implementation offers tools for listing assets, organizations, users, cases, tasks, policies, acquisition profiles, and triage rules through a secure API connection. The server validates API tokens, handles organization-specific filtering, and formats responses for easy consumption, making it valuable for security teams who need to query forensic data, monitor endpoint status, or manage digital investigations through AI assistants.
Shows all managed/unmanaged endpoints with OS, platform info.
Displays detailed information about a specific asset by its ID.
Shows all tasks associated with a specific asset.
Displays available acquisition profiles.
Shows detailed information about a specific acquisition profile, including evidence and artifacts.
Shows all available artifacts for evidence collection, organized by platform and category.
Shows all available evidence items for forensic data collection, organized by platform and category.
Assigns an evidence acquisition task to specified endpoint(s).
Assigns a disk image acquisition task to a specific endpoint and volume, saving to a specified repository.
Creates a new acquisition profile with the specified configuration.
Assigns a reboot task to a specific endpoint.
Assigns a shutdown task to a specific endpoint.
Assigns an isolation task to a specific endpoint.
Removes isolation from a specific endpoint.
Assigns a log retrieval task to a specific endpoint.
Assigns a version update task to a specific endpoint.
Shows all organizations in environments.
Displays cases with status and creation time.
Shows security policies and collection policies.
Lists all tasks with their statuses.
Shows YARA, OSQuery and Sigma rules for threat detection.
Shows all users in the system with their details.
Retrieves the details of a specific user by their ID.
Shows available drone analyzers with supported operating systems.
Initiates the export of audit logs. The export runs in the background on the AIR server.
Shows audit logs with details like timestamp, user, action, entity.
Uninstalls the specified asset without purging data.
Purges data and uninstalls the specified asset.
Adds specified tags to the targeted asset(s).
Removes specified tags from the targeted asset(s).
Creates a new rule to automatically tag assets based on conditions.
Updates an existing auto asset tag rule with new conditions.
Lists all existing auto asset tag rules with their configurations.
Shows detailed information about a specific auto asset tag rule.
Deletes a specific auto asset tag rule by its ID.
Initiates the auto tagging process for Windows assets matching specified criteria.
Acquires baseline data from specified endpoints for a given case ID.
Compares multiple baseline acquisition tasks for a specific endpoint to identify changes.
Retrieves the comparison result report for a specific endpoint and comparison task.
Shows all available e-discovery patterns for file type detection.
Creates a new policy with custom settings.
Updates an existing policy with new settings.
Displays detailed information about a specific policy.
Updates the order of policy application.
Shows how many endpoints match each policy.
Shows policy matches filtered by platform.
Shows policy matches for offline assets.
Permanently removes a policy from the system.
Shows all assignments associated with a specific task.
Cancels a specific task assignment.
Permanently removes a task assignment.
Displays detailed information about a specific task including evidence types and configuration.
Cancels a running task with the specified ID.
Permanently deletes a specific task.
Creates a new triage rule.
You can work with triage rules and their associated tags.
Creates a new triage tag.
Updates an existing triage rule.
Permanently removes a triage rule.
Retrieves the details of a specific triage rule.
Validates a triage rule syntax without creating it.
Assigns a triage task to endpoints based on filter criteria.
Adds a note to a specific case by its ID.
Updates an existing note in a specific case.
Deletes a specific note from a case by its ID.