Actions99
- InterACT Actions
- Notification Actions
- Organization Actions
- Task Actions
- Policy Actions
- Repository Actions
- Setting Actions
- Triage Rule Actions
- User Actions
- Acquisition Actions
- API Token Actions
- Asset Actions
- Auto Asset Tag Actions
- Baseline Actions
- Case Actions
- Evidence Actions
Overview
The node provides integration with Binalyze AIR's InterACT resource, specifically enabling execution of asynchronous commands within an active InterACT session on a remote device. This allows users to run shell commands interactively and asynchronously, which is useful for automating forensic or incident response tasks remotely.
Typical use cases include:
- Running diagnostic or investigative commands on endpoints during incident response.
- Automating repetitive command executions in forensic workflows.
- Collecting system information or logs asynchronously without blocking the workflow.
For example, a user can start an InterACT session on a target machine, then use this node to execute a command like netstat -an asynchronously to gather network connection data, while continuing other workflow operations.
Properties
| Name | Meaning |
|---|---|
| Session ID | The unique identifier of the active InterACT session where the command will be executed. |
| Command | The shell command string to execute asynchronously within the specified InterACT session. |
| Additional Fields | Optional parameters to customize command execution: |
| - Timeout (Seconds) | Maximum time in seconds to wait for command execution before timing out (1 to 3600). |
| - Working Directory | The directory path in which to execute the command. |
| - Environment Variables | JSON object specifying environment variables to set for the command execution context. |
Output
The node outputs JSON data representing the result of the asynchronous command execution. This typically includes:
- Status or success indicator of the command execution request.
- Any immediate response or metadata about the command submission.
- Possibly a command execution ID or message ID to track the command status asynchronously.
The node does not output binary data.
Dependencies
- Requires a valid API key credential for authenticating with the Binalyze AIR platform.
- Needs an active InterACT session ID to execute commands.
- The node depends on the Binalyze AIR API endpoint accessible from n8n.
Troubleshooting
- Invalid Session ID: If the provided session ID is incorrect or expired, the command execution will fail. Verify the session is active before running commands.
- Command Timeout: Commands exceeding the specified timeout will be terminated; increase the timeout if needed.
- Environment Variable Format: Ensure environment variables are provided as valid JSON; malformed JSON will cause errors.
- API Authentication Errors: Check that the API key credential is correctly configured and has sufficient permissions.
- Unknown Resource Error: Occurs if the resource parameter is not set to "interact" when executing this operation.